DirXML Driver 2.0 for Lotus Notes Implementation Guide 


About This Guide 


This document is for Lotus Notes administrators, Novell® eDirectory™ administrators, and others 
who implement the DirXML® Driver for Lotus Notes. 


The DirXML Driver for Lotus Notes is designed to automatically let you synchronize data in an 
eDirectory tree with data stored in a Domino* Directory or another Notes database. This 
configurable solution gives you the ability to increase productivity and streamline business 
processes by integrating Lotus Notes and eDirectory. 


The guide contains the following sections: 
+ Chapter 1, “Overview,” on page 9 
This section introduces new features and explains the default driver configuration. 
+ Chapter 2, “Installing and Configuring the Driver,” on page 15 
This section covers both the installation process and the post-installation setup tasks. 
+ Chapter 3, “Upgrading,” on page 31 
This section covers the upgrade tasks. 
+ Chapter 4, “Customizing the Driver,” on page 37 
This section explains how to use driver parameters to customize the data synchronization of 
the driver. It provides examples for common customizations. 
+ Appendix A, “Using the Movecfg.exe Utility,” on page 65 
This section explains how to use the movecfg.exe utility to assist you in the upgrade process. 
+ Appendix B, “Samples for New Features,” on page 69 
This section provides examples of events from the DirXML engine, such as move or rename 
for a user, and the command the driver must receive to perform the tasks in 
Notes, so you can see what transformations your policies need to perform. 
+ Appendix C, “Updates,” on page 77 


Additional Documentation 


For documentation on using Nsure™ Identity Manager and the other drivers, see the Identity 
Manager Documentation Web site (http://www.novell.com/documentation/lg/dirxml20). 


Documentation Updates 


For the most recent version of this document, see the Drivers Documentation Web Site 
(http://www.novell.com/documentation/lg/dirxmldrivers). 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
within a cross-reference path. 


A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party 
trademark. 


User Comments 


We want to hear your comments and suggestions about this manual and the other documentation 
included with Novell Nsure Identity Manager. To contact us, send e-mail to proddoc@novell.com. 


Overview 


The DirXML® Driver for Lotus Notes lets you synchronize data in a Novell® eDirectory™ tree 
with data stored in a Domino Directory or another Notes database. 


The DirXML Driver for Notes is essentially an application programming interface (API) translator 
that maps object data represented in an XML document between eDirectory and the appropriate 
Lotus Domino Toolkit for Java* object methods. 


In this section: 


+ “New Features” on page 9 


+ “Notes Driver Basics” on page 11 


+ “Driver Components and Configuration” on page 13 


New Features 


In this section: 


+ “Driver Features” on page 9 


+ “Identity Manager Features” on page 11 


Driver Features 

+ AdminP features. The driver can support sending requests to the Notes Administration 
Process (AdminP). These features require Notes 6.0.3 or later. 


The following AdminP processes are supported: 


+ Delete user 

A sample of a command to the driver shim that deletes a user is in “Sample of Deleting 
a User” on page 73. 

+ Rename user 

See “Move/Rename” on page 60. A sample of a command to the driver shim that renames 
a user is in “Sample of Renaming: Modifying a User Last Name” on page 71. 

+ Move to new certifier 

See “Move/Rename” on page 60. A sample of a command to the driver shim that moves 
a user is in “Sample of Moving a User” on page 72. 

+ Recertify user 

+ Set Notes password settings 

An example of these optional settings is included in “Sample of Adding a User” on 
page 69. 


+ New add user options. The driver provides new options you can use when adding a user. 
These features require Notes 6.0.3 or later. 


+ Note explicit policy name 

+ Mail file manager name in mail file ACL 

+ Mailfile quota warning threshold 

+ Roaming user options (roaming cleanup period, etc.) 
+ Synchronize Internet password 


A sample of a command to the driver shim that adds a user is in “Sample of Adding a User” 
on page 69. Examples of some of these new optional settings are included. 


+ Sending console commands. With appropriate rights given to the driver’s user object in 
Notes, driver policies can send commands to a Domino server console. See “Sample of 
Sending a Command to the Domino Server Console” on page 74. 


+ The driver is cross-platform. The driver runs on the Domino server platforms of Linux, 
Solaris, and AIX. 


When using the driver on these three platforms, you must load it using the Remote Loader, 
even if the driver is on the same machine as eDirectory. 


+ Notes client is not required. The 2.0 version of the driver runs on the Domino server. 


+ Named Passwords: The sample driver configuration uses Named Passwords to protect the 
certifier passwords. One example is provided in the sample driver configuration. For more 
information, see “Using Named Passwords” on page 39. 


+ Multiple instances of ndsrep. The configuration of multiple instances of ndsrep on the same 
Domino server is handled automatically. 


+ NDSReg is no longer used. Prior to version 2.0, ndsrep parameters were stored in the 
Windows* registry using NDSReg. With version 2.0 of the DirXML Driver for Lotus Notes, 
the ndsrep Domino add-in process reads configuration parameters from a Lotus Notes 
database (dsrepcfg.nsf), so NDSReg is no longer necessary. 


If you are upgrading, you use the movecfg.exe utility to move specific DirXML Driver for 
Lotus Notes 1.x parameters from the Windows registry to the DirXML Driver for Lotus Notes 
2.x parameters location in eDirectory. See “Upgrading on Windows” on page 31. 


+ Support for Identity Manager Password Synchronization: The ability to set and modify 
the password is provided for the Notes HTTP password. For the traditional Notes ID file 
password, the password can be set only when a new user is created. 


For information about Password Synchronization, see “Password Synchronization across 
Connected Systems” in the Novell Nsure Identity Manager 2 Administration Guide. 


+ Support for Role-Based Entitlements: The driver configuration now provides the option to 
use Role-Based Entitlements for provisioning. 


Using Role-Based Entitlements is a design decision. Before you choose this option, see 
“Using Role-Based Entitlements” in the Novell Nsure Identity Manager 2 Administration 
Guide. 


+ Support for Novell Nsure Audit: The driver makes special use of the ability to specify a 
status type for any of the status levels defined. For more information, see “Logging and 
Reporting Using Nsure Audit” in the Novell Nsure Identity Manager 2 Administration Guide. 


Identity Manager Features 


For information about the new features in Identity Manager, see “What's New in Identity Manager 
2?” in the Novell Nsure Identity Manager 2 Administration Guide. 


Notes Driver Basics 


Identity Manager fundamentals are explained in the Novell Nsure Identity Manager 2 
Administration Guide. This documentation discusses implementations, additions, or exceptions, 
specific to the DirXML Driver for Lotus Notes. 


Default Data Flow 


Subscriber Channel 


The Subscriber channel is the channel of communication from eDirectory to Lotus Notes. The 
following illustration shows this data flow: 


[Figure: Subscriber channel data flow from eDirectory to the Domino server] 


The driver can be configured to work with Notes databases other than names.nsf. 


Publisher Channel 


The Publisher channel represents the channel of communication from Lotus Notes to eDirectory. 
The following illustration shows how this data is published: 


[Figure: Publisher channel data flow from the Domino server to eDirectory. Labels: “Changes 
occur to data here”; NDSRep.exe, “This process discovers changes in names.nsf, applies the 
Publisher filter to the changes, and writes the results in the output database”; “Data is 
stored here”] 


Policies 


Policies are used to control the synchronization of data between eDirectory and the application, 
database, or directory. Policies transform an event on a channel input into a set of commands on 
the channel output. The driver includes the following set of preconfigured policies: 


+ Schema Mapping: Mappings have been defined for the Notes address book. 


+ Creation: The default Creation policy logic for the Publisher channel and the Subscriber 
channel is the same. For a User object to be created, Given name and Surname are required. 
For a Group object to be created, Description, Membership, and Owner are required. 


+ Matching: The default Matching policy logic for the Publisher channel and the Subscriber 
channel is the same. An eDirectory User object is considered to be the same object in Notes 
when Given name and Surname match in both directories. An eDirectory Group object is 
considered to be the same object in Notes when the CN is the same in both directories. 


+ Placement: The default Placement policy on the Subscriber channel places all User objects 
from a specified eDirectory container in a specified Notes Organizational Unit, and all Group 
objects from a specified eDirectory container in a specified Organizational Unit in Notes. The 
same relationship is typically maintained on the Publisher channel. The container names and 
OU names for this default Placement policy are collected from the user when importing the 
default driver configuration. 


Driver Components and Configuration 


The driver contains the following components: 


+ Default Driver Configuration File: A driver configuration file is a file you can import to set 
up default rules, style sheets, and driver parameters. The driver configuration file included 
with the driver is Notes.xml, with its accompanying .xlf file. 


+ Driver Files: CommonDriverShim.jar and NotesDriverShim.jar are the Java files that direct 
synchronization between Notes and eDirectory. 


+ ndsrep: ndsrep is a Lotus Domino server add-in process to enable data synchronization. 
ndsrep keeps track of the time of the last successful synchronization within a Notes database, 
and checks the Lotus Domino Server for changes based on that time stamp. It then reads the 
changes from the Notes database, determines the event types they represent, and filters the 
updates based on objects and attributes specified in the Publisher filter in the driver 
configuration in eDirectory. 


+ dsrepcfg.ntf: A Notes database template required for the initial startup of the Notes driver 
shim. The Notes driver shim uses this Notes database template to create a configuration 
database named dsrepcfg.nsf used by ndsrep to determine the Publisher filter and other driver 
publication settings. 


Installing and Configuring the Driver 


This section contains a road map for successfully installing and configuring the driver. There are 
tasks you must do before you install, tasks you only do on the Lotus Domino server side, tasks you 
only do on the Novell® eDirectory™ and Nsure™ Identity Manager side, and tasks you do after the 
installation. The order in which you do these tasks is important. Complete the tasks in the order 
listed. 


+ “Where to Install the Driver” on page 15 
+ “Meeting Requirements for the Driver” on page 16 
+ “Preparing Lotus Notes for Synchronization” on page 17 


+ “Setting Up the Driver” on page 18 


Where to Install the Driver 


You must decide whether to install the driver locally or remotely. After you’ve decided where to 
install the driver, continue with “Meeting Requirements for the Driver” on page 16. 


Installing Locally 


A local installation installs the driver on the same computer where you have installed the Lotus 
Domino server, eDirectory, and Identity Manager. 


If you are using Linux, Solaris, or AIX, you must always load the driver using Remote Loader, 
even if the driver is installed on the same machine as eDirectory and Identity Manager. 


IMPORTANT: Regardless of whether you pick a local or remote installation, the driver must always run on the 
same computer where the Lotus Domino server is installed. 


[Figure: Local System Configuration on NT/2000/2003: eDirectory, the DirXML Engine, the 
DirXML Driver for Lotus Notes, and Lotus Domino on one system] 


[Figure: Local System Configuration on Linux, Solaris, or AIX: the Remote Loader, eDirectory, 
the DirXML Engine, the DirXML Driver for Lotus Notes, and Lotus Domino on one system] 


Installing Remotely 


A remote installation installs the driver on a different computer than the one where Identity 
Manager and eDirectory are installed. You should use this option when Domino and eDirectory 
are not on the same server. 


IMPORTANT: Regardless of whether you pick a local or remote installation, the driver must always run on the 
same computer where the Lotus Domino server is installed. 


[Figure: Remote System Configuration. eDirectory and the DirXML Engine on one system 
synchronize with the Remote Loader, the DirXML Driver for Lotus Notes, and Lotus Domino on 
another. Both systems are labeled NetWare, NT/2000/2003, Linux, or Solaris.] 


Meeting Requirements for the Driver 


The DirXML Driver for Lotus Notes must always run on the same computer where the Lotus 
Domino server is installed. This computer must be running the following software: 


+ One of the following with Lotus Notes R5.0.8 or later: 
  + Windows NT* 
  + Windows 2000 Server 
  + Windows 2000 Professional 
Use the operating system versions required by Lotus Domino. 


+ One of the following with Lotus Notes R6 or later: 
  + Windows NT 
  + Windows 2000 Server 
  + Windows 2000 Professional 
  + Windows 2003 
  + Solaris 

    If you are using the driver on Solaris, you should edit the /etc/system file on Solaris to 
    include the following line: 

    set msgsys:msginfo_msgtql=1024 

    NOTE: This and other tips are listed in a document published by Sun*, “Domino on Solaris: 
    Common Tuning Tips” (http://www.sun.com/third-party/global/lotus/technical). 

  + Linux 
  + AIX 

    If your Notes system is unable to load tasks on the server, you might need to apply PTF 
    486444 for AIX 5.2. 

Use the operating system versions required by Lotus Domino. 


Preparing Lotus Notes for Synchronization 
Complete the setup tasks in this section to ensure that your Lotus Notes system works with Identity 
Manager. 
+ “Collecting Configuration Information” on page 17 
+ “Creating Lotus Notes Accounts and Groups” on page 17 


+ “Providing Access to Certifiers and ID Files in the Lotus Notes Infrastructure” on page 17 


Collecting Configuration Information 


You'll need to provide a number of system-specific details when you import the driver 
configuration for Lotus Notes. Some of these details can be collected before you complete the 
following procedures, and others will be defined during the process. 


See the list in “Creating a Driver Object and Importing the Driver Configuration” on page 24. 


Creating Lotus Notes Accounts and Groups 


1 Create a Notes User ID to be used exclusively by the driver and give it manager-level ACL 
access to the target Notes database (usually names.nsf), the output database created by ndsrep, 
and certlog.nsf. 


2 If a Deny Access group doesn’t already exist, create this group. 
This group is used to hold disabled user accounts. 
3 Copy and save the Universal ID (UNID) for the Deny Access group you just created. 


This string is used by the driver to uniquely identify this object, and you need to specify it 
when you are importing the driver configuration. 


To get the string: 


3a View the Document Properties of the group. (You can select the object and right-click to 
select Document Properties.) 


3b Click the Meta tab (the fifth tab from the right). 


3c Go to the end of the text in the Identifier field, and copy the character string from the last 
forward slash to the end. This will always be 32 alphanumeric characters. 


For example, if text in the Identifier field is 
Notes://myserver/87256E530082B5F4/85255E01001356A8852554C200753106/16A28402CCEB7A9C87256E9F007EDA9B 


then the UNID would be 
16A28402CCEB7A9C87256E9F007EDA9B 


3d Paste this information into a file for later use when you run the Create Driver Wizard, as 
noted in “Creating a Driver Object and Importing the Driver Configuration” on page 24. 
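
One way to apply Step 3c without miscounting characters, as an added example that is not part of the driver or the original guide: the hypothetical helper extract_unid takes the Identifier text, removes any line breaks picked up while copying, and accepts the result only if the last segment is exactly 32 alphanumeric characters.

```shell
#!/bin/sh
# Added example, not Novell's code. extract_unid is a hypothetical helper.

# extract_unid IDENTIFIER
# Prints the UNID taken from the text of the Identifier field, or fails with
# a reason on stderr. Spaces and line breaks are removed first, because the
# Identifier text can pick them up when copied out of the properties dialog.
extract_unid() {
    id=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case $id in
        [Nn]otes://*/*) ;;
        *) echo "not a Notes:// identifier" >&2; return 1 ;;
    esac
    unid=${id##*/}                 # text after the last forward slash
    if [ "${#unid}" -ne 32 ]; then
        echo "expected 32 characters, got ${#unid}" >&2; return 1
    fi
    case $unid in
        *[!0-9A-Za-z]*) echo "non-alphanumeric character in UNID" >&2; return 1 ;;
    esac
    printf '%s\n' "$unid"
}

# Sample input: the guide's own Identifier value, split across two lines
# here to mimic a copy that introduced a line break.
extract_unid 'Notes://myserver/87256E530082B5F4/85255E01001356A8852554C200753106/
16A28402CCEB7A9C87256E9F007EDA9B'
```

A truncated or over-selected paste fails here instead of being carried into the Create Driver Wizard as the Deny Access group's identifier.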


Providing Access to Certifiers and ID Files in the Lotus Notes Infrastructure 


The Notes driver user needs access rights to the following: 


+ Its own user certifier ID file for the driver user in Notes 
+ The certifier ID files for the certifiers that you want the driver to create users for 
+ The server ID file (optional; depends on your configuration) 


+ File access to a place where the driver can create new user certifier ID files (optional; depends 
on whether you want the driver to have this ability) 


Setting Up the Driver 
Complete these tasks to get the driver installed, configured, and running. (If you are upgrading the 
driver, see “Upgrading” on page 31.) 

+ “Installing the Driver Shim” on page 18 

This procedure refers to the others in this section, to show when they should be completed. 

+ “Creating a Driver Object and Importing the Driver Configuration” on page 24 

+ “Configuring Database Replication Using ndsrep” on page 28 

+ “Migrating and Resynchronizing Data” on page 30 

+ “Activating the Driver” on page 30 


Most installations require some customization after installation to handle certification. Refer to 
Chapter 4, “Customizing the Driver,” on page 37 for more information. 


Installing the Driver Shim 
+ “Installing on Windows” on page 18 


+ “Installing on AIX, Linux, or Solaris” on page 20 


Installing on Windows 
1 Install the driver shim, and the Remote Loader if necessary. 
You can install the driver shim at the same time you install the DirXML engine, or after. 


1a To run the driver locally on the same machine as the DirXML engine, run the Identity 
Manager installation program and select the DirXML Driver for Lotus Notes. 


Instructions are in “Installation” in the Novell Nsure Identity Manager 2 Administration 
Guide. 


1b To run the driver remotely, install the driver shim and Remote Loader on the system 
where you want to run the driver. 


Instructions are in “Setting Up a Connected System” in the Novell Nsure Identity 
Manager 2 Administration Guide. 


2 Manually copy the following files to set up the driver. 


Filename        Copy from                  Copy to 

ndsrep.exe      Its installed location     The Domino server executable 
                (\novell\NDS)              folder (\Lotus\Domino) 

dsrepcfg.ntf    Its installed location     The Domino server data folder 
                (\novell\NDS)              (\Lotus\Domino\Data) 

Notes.jar       \Lotus\Domino              One of the following: 
                                           + If running locally, 
                                             \Novell\nds\lib 
                                           + If running remotely, 
                                             \Novell\RemoteLoader\lib 


3 Make sure that the Domino shared libraries directory (for example, c:\lotus\domino) is in the 
Windows system path, and reboot the computer to make sure this step is complete. 


Without this directory in the Windows system path, the JVM* might have difficulty locating 
the Domino shared libraries required by Notes.jar, such as nxlsbe.dll. 


4 If the Domino server requires databases to be signed, use a Notes client or Domino 
Administrator to sign dsrepcfg.ntf with your Domino server’s server ID. 


5 After installation, create a driver object as explained in “Creating a Driver Object and 
Importing the Driver Configuration” on page 24. 


6 Set passwords for the driver and Remote Loader for the initial startup of the Remote Loader. 


These passwords must be the same as the Driver Password and Remote Password you 
specified when importing the driver configuration, as described in “Creating a Driver Object 
and Importing the Driver Configuration” on page 24. 


7 Start the driver using iManager. 
7a In iManager, select DirXML Management > Overview. 
7b Locate the driver in its driver set. 


7c Click the driver status indicator in the upper right corner of the driver icon, then click 
Start Driver. 


7d Enter the password for the Notes User that you are using for the driver, if you are 
prompted to do so. This prompt appears only the first time you start the driver, and 
whether it appears depends on your driver configuration. 


When the driver starts the first time, it does the following: 
+ Searches for the Domino Server (specified in the driver parameters at import time) 


+ Opens dsrepcfg.nsf. If that file does not exist, the driver creates dsrepcfg.nsf 
automatically, using the dsrepcfg.ntf database template that is provided with the driver. 


+ Writes to dsrepcfg.nsf the Publisher parameters and data specifying an appropriate update 
database file (usually named ndsrep.nsf), so that ndsrep can read them. 


IMPORTANT: If the driver shim initializes with the notes.ini file for a Notes client instead of the Domino 
server, the driver shim is not able to open dsrepcfg.ntf. 


If dsrepcfg.ntf is not found, or the initial dsrepcfg.nsf creation process fails, then the Publisher channel 
shuts down, and Step 8 cannot be completed. 


Ensure that the driver shim initializes properly by modifying the Windows system path to find the notes.ini 
file for the Domino server before it finds the notes.ini for a Notes client. 


8 At the Domino Console, start the ndsrep task: 


load ndsrep instance 


The instance must be the driver name, or a unique instance name set up for this driver. If the 
name of your driver includes spaces, then you must put quotes around the name. After ndsrep 
is loaded, all TELL commands are issued to this instance of ndsrep using the instance name. 


A task named DirXML or a similar name is now displayed in the Notes Task Viewer. 


9 After the initial configuration and startup have been validated, update the Domino server’s 
notes.ini file so that ndsrep is loaded automatically. 


For example: 


ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrvl,CalConn,Sched,HTTP,IMAP,POP3 


If the name of your driver includes spaces, then you must put quotes around the name. 


After the first successful startup, the Notes driver and ndsrep can be launched in any order 
that is convenient for your particular configuration. 


For more information about ndsrep, see “Configuring Database Replication Using ndsrep” on 
page 28. 


10 Activate the driver, as explained in “Activating the Driver” on page 30. 


Data synchronized by the driver should not be used outside of a test environment if you have 
not purchased the driver. 


11 If you want to synchronize all objects at once, you must initiate the process as explained in 
“Migrating and Resynchronizing Data” on page 30. 


Otherwise, synchronization takes place on an object-by-object basis, the next time a change 
is made to the individual object. 


12 Most installations require some customization after installation to handle certification. Refer 
to Chapter 4, “Customizing the Driver,” on page 37 for more information. 


Installing on AIX, Linux, or Solaris 


1 After installing Identity Manager, install the driver shim and Remote Loader on the system 
where you want to run the driver. 


For AIX, Linux, and Solaris, you must run the driver using the Remote Loader, even if the 
driver is running on the same machine as Identity Manager. 


In the installation, choose Connected System Server, as described in “Setting Up a Connected 
System” in the Novell Nsure Identity Manager 2 Administration Guide. 


The necessary files for the driver shim are installed in /usr/lib/dirxml. 


2 Make sure that /usr/lib/dirxml/classes/Notes.jar is linked to the correct directory for your 
environment. 


For example, enter the following: 


ls -l /usr/lib/dirxml/classes/Notes.jar 


The link should be something like the following: 


/usr/lib/dirxml/classes/Notes.jar linked to 
/opt/lotus/notes/60030/linux/Notes.jar 


In this example, 60030 is the version number of Domino. If you upgrade Domino after 
installing the driver, you need to check your symbolic links. See “Troubleshooting 
Installation” on page 23. 


3 Make sure you have created a user to run the Remote Loader and the driver, as described in 
“Creating Lotus Notes Accounts and Groups” on page 17. 


You cannot run Remote Loader for the Notes driver using root. 


4 Create a driver object as explained in “Creating a Driver Object and Importing the Driver 
Configuration” on page 24. Do not start the driver yet. 


5 Use a Notes client or Domino Administrator to sign dsrepcfg.ntf with your Domino server’s 
server ID. 


6 Copy the following files from where they are installed (/usr/lib/dirxml/rules/notes by default), 
to the location where you intend to launch your driver on the Domino server, such as 
/local/notesdata, /home/notes, or /user/bin. You might want this location to be in your search path. 


Filename             Description 

rdxml.startnotes     This script calls the findDomino script, which sets up 
                     appropriate Domino operating system environment variables 
                     for the Notes driver. Then the rdxml.startnotes script launches 
                     the Remote Loader with the Notes driver parameters specified 
                     in the rdxml.confignotes file. 

                     If the location where the scripts are placed is not in a current 
                     search path, you might need to do one of the following: 

                     + Modify rdxml.startnotes to include a specific path to the 
                       findDomino script. 

                     + Create a symbolic link for findDomino in /usr/bin. 

rdxml.stopnotes      This script stops the Remote Loader that is running the Notes 
                     driver. 

findDomino           This script is called from the rdxml.startnotes script. When you 
                     launch rdxml.startnotes, this script sets up operating system 
                     environment variables that indicate the location of a UNIX type 
                     of installation of Domino. 

rdxml.confignotes    This configuration is referenced by rdxml.startnotes and 
(or wherever your    rdxml.stopnotes scripts. 
configuration is 
stored)              You might need to modify the rdxml.startnotes script to fit your 
                     environment. For example, if you change the name of the 
                     configuration file to a name other than rdxml.confignotes, you 
                     must revise the last line in the script. 

                     You might need to change the configuration ports that are 
                     referenced in this file. 


These three sample scripts and the sample configuration file are provided to demonstrate how 
to launch the driver. You can start the Remote Loader for the driver using rdxml.startnotes, 
and stop the Remote Loader for the driver using rdxml.stopnotes. 


The sample scripts work in a variety of situations. If they do not work in your environment, 
you might need to edit them appropriately. 


The sample scripts produce a Remote Loader trace log for the driver that can be used for 
troubleshooting. 


7 Modify the scripts and configuration file to fit your environment, as described in the table 
in Step 6. 


8 Make sure that the three scripts noted in Step 6 have file access for execution (for example, 
rwxr-xr-x). 


9 Set passwords for the driver and Remote Loader for the initial startup of the Remote Loader. 
For example, 


cd driver_script_directory 
./rdxml.startnotes -sp driver_password remote_loader_password 


These passwords must be the same as the Driver Password and Remote Password you 
specified when importing the driver configuration, as described in “Creating a Driver Object 
and Importing the Driver Configuration” on page 24. 


10 Use rdxml.startnotes to start Remote Loader for the driver. 
For example, 


cd driver_script_directory 
./rdxml.startnotes 


The driver_script_directory should be the directory where you placed the files in Step 6. 


11 Start the driver using iManager. 

11a In iManager, select DirXML Management > Overview. 

11b Locate the driver in its driver set. 

11c Click the driver status indicator in the upper right corner of the driver icon, then click 
Start Driver. 


When the driver starts the first time, it does the following: 
+ Searches for the Domino Server (specified in the driver parameters at import time) 


+ Opens dsrepcfg.nsf. If that file does not exist, the driver creates dsrepcfg.nsf 
automatically, using the dsrepcfg.ntf database template that is provided with the driver. 


+ Writes to dsrepcfg.nsf the Publisher parameters and data specifying an appropriate update 
database file (usually named ndsrep.nsf), so that ndsrep can read them. 


NOTE: If dsrepcfg.ntf is not found, or this initial dsrepcfg.nsf creation process fails, then the Publisher 
channel shuts down, and Step 12 cannot be completed. 


12 At the Domino Console, start the ndsrep task: 


load ndsrep instance 


The instance must be the driver name, or a unique instance name set up for this driver. If the 
name of your driver includes spaces, then you must put quotes around the name. After ndsrep 
is loaded, all TELL commands are issued to this instance of ndsrep using the instance name. 


A task named DirXML or a similar name is now displayed in the Notes Task Viewer. 


13 After the initial configuration and startup have been validated, update the Domino notes.ini file 
so that ndsrep is loaded automatically. 


For example: 


ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrvl,CalConn,Sched,HTTP,IMAP,POP3 


If the name of your driver includes spaces, then you must put quotes around the name. 


After the first successful startup, the Notes driver and ndsrep can be launched in any order 
that is convenient for your particular configuration. 


14 Activate the driver, as explained in “Activating the Driver” on page 30. 


Data synchronized by the driver should not be used outside of a test environment if you have 
not purchased the driver. 


15 If you want to synchronize all objects at once, you must initiate the process as explained in 
“Migrating and Resynchronizing Data” on page 30. 


Otherwise, synchronization takes place on an object-by-object basis, the next time a change 
is made to the individual object. 


16 Most installations require some customization after installation to handle certification. Refer 
to Chapter 4, “Customizing the Driver,” on page 37 for more information. 


For troubleshooting tips, see “Troubleshooting Installation” on page 23. 


Troubleshooting Installation 
For Windows: 


+ The first time the driver runs, it searches for the Domino Server (specified in the driver 
parameters at import time), and tries to open dsrepcfg.nsf to write the publisher parameters 
that ndsrep reads. If dsrepcfg.nsf does not exist, then the NotesDriverShim attempts to create 
dsrepcfg.nsf using the database template dsrepcfg.ntf that ships with the driver. 


If dsrepcfg.nsf is successfully created, and contains data specifying an appropriate update 
database file (usually named ndsrep.nsf), then you can load ndsrep successfully at the Domino 
Console. 


If dsrepcfg.ntf is not found, or this initial dsrepcfg.nsf creation process fails, then the 
Publisher channel shuts down, and you can’t load the ndsrep task at the Domino console. 


You can use a Notes client to create the dsrepcfg.nsf database using the dsrepcfg.ntf template. 
After doing so, modify the ACL so that the Notes driver user has manager-level access to the 
database. 


For AIX, Linux, and Solaris: 
+ If you upgrade Domino after installing the driver, you need to do one of the following: 


+ Check the following symbolic links, and re-create them manually if necessary. 


File to link      Symbolic link to create

Notes.jar         /usr/lib/dirxml/classes/Notes.jar
Example:
ln -s /opt/lotus/notes/latest/your_platform/Notes.jar /usr/lib/dirxml/classes/Notes.jar

ndsrep            /opt/lotus/notes/latest/your_platform/ndsrep
Example:
ln -s /usr/lib/dirxml/rules/notes/ndsrep /opt/lotus/notes/latest/your_platform/ndsrep

dsrepcfg.ntf      /opt/lotus/notes/latest/your_platform/dsrepcfg.ntf
Example:
ln -s /usr/lib/dirxml/rules/notes/dsrepcfg.ntf /opt/lotus/notes/latest/your_platform/dsrepcfg.ntf

The variable your_platform represents the operating system. The following table shows 
the folder names. 


Operating System Folder Name 
AIX ibmpow 
Linux linux 

Solaris sunspa 


+ Back up certain files, and then reinstall the driver. Reinstalling the driver shim re-creates 
the symbolic links, but it overwrites certain files. If you have made changes to them, you 
need to make a backup. 


Back up the following files: 


rdxml.startnotes 

rdxml.stopnotes 

findDomino 

rdxml.confignotes (or wherever your configuration is stored) 


After reinstalling the driver shim, copy the backups to their original location. 


+ Even if you don’t use the mail functions, you must specify all mail parameters in the driver 
configuration. If they are not specified, the driver might report errors and stop running. 


+ The sample scripts provided (rdxml.startnotes, rdxml.stopnotes, findDomino) produce a 
Remote Loader trace log for the driver that can be used for troubleshooting. 
Import the driver configuration file to create all necessary eDirectory objects, such as policies,
style sheets, and filters, for basic driver configuration. Then you can modify the configuration to 
fit your specific business needs. 


Follow the instructions in “Creating a Driver Object” in the Novell Nsure Identity Manager 2 
Administration Guide. 


Provide the following information and finish the wizard, then start the driver as described in 
“Installing the Driver Shim” on page 18. 


The sample driver configuration uses a new feature, flexible prompting, to reduce complexity 
when importing the configuration. If you choose to install the driver for use with Remote Loader, 
or if you choose to use Role-Based Entitlements, an additional page is displayed in the wizard 
where you provide information for those features. 
Import Prompt: Notes User ID
Description: Enter the Notes User ID this driver will use for Notes Authentication (in fully
qualified canonical form: i.e. cn=Notes Driver/o=Organization).
This user ID needs administrative rights to the Input database as well as the Output database.
We recommend that this ID be specifically created for the driver and used only by the driver.
This will prevent the driver from responding to changes made to Notes when this user is used.

Import Prompt: Notes User ID File
Description: Enter the full path (on the Domino Server) for the Notes User ID file
associated with the Notes User this driver will use for Notes Authentication.

Import Prompt: Notes User Password
Description: Enter the password for the Notes User ID this driver will use when
authenticating to Notes (for the above user ID file).

Import Prompt: Domino Server
Description: Enter the Name of the Domino server this driver will authenticate to (in fully
qualified canonical form: i.e. cn=NotesServer/o=Organization).

Import Prompt: Notes Server ID File
Description: Enter the full path for the Notes Server ID file associated with the Notes
Server this driver will authenticate to.

Import Prompt: Default Notes Certifier ID File
Description: Enter the full path (on the Domino server) for the Default Notes Certifier ID
file the driver will use at the default certifier. This is usually the root certifier,
but can be any certifier with adequate access.

Import Prompt: Default Notes Certifier Password
Description: Enter the password for the Default Notes Certifier ID this driver will use
when certifying new users.
This password is secured using the new Named Passwords feature. See
“Using Named Passwords” on page 39.

Import Prompt: Notes Organization Name
Description: Enter the name of the Notes Organization (This is usually the o= at the root
of the tree).

Import Prompt: Notes Domain
Description: Enter the name of the Notes Domain.

Import Prompt: Target Notes Database
Description: Enter the relative path and file name (on the Domino server) for the target
Notes Database. The path should be relative to the Domino server's data directory.

Import Prompt: Is this database a Notes Address Book?
Description: This driver has the capability of interfacing with different Notes databases.

Import Prompt: Notes Changelog Database
Description: Enter the relative path and file name (on the Domino server) for the Notes
Changelog Database. This file is created by ndsrep. The path should be relative to the
Domino server's data directory.

Import Prompt: Certify new Notes Users?
Description: Should the driver certify users added to Notes on the subscriber channel?

Import Prompt: Notes ID Storage Path
Description: Enter the path (on the Domino server) where the driver should create new
user ID files.

Import Prompt: Notes Certification Log Database
Description: Enter the relative path and file name (on the Domino server) for the Notes
Certification Log Database. The path should be relative to the Domino server's data directory.

Import Prompt: Update Address Book with user certifications?
Description: Should Notes update the server entry in the Address Book when a new
user is certified in Notes on the subscriber channel?
Import Prompt: Store User ID files in Notes Address Book?
Description: Should Notes store new users IDs in the address book when certifying
users added to Notes on the subscriber channel?

Import Prompt: Is the Domino Server a North American Server?
Description: Is the Domino server this driver is binding to when certifying new users a
North American Domino server? This affects encryption levels. Choose
Yes for 128 bit encryption.

Import Prompt: ID File Expiration Term
Description: Enter the expiration term (in years) for ID files created by the driver when
certifying users added on the Subscriber channel.

Import Prompt: Minimum Notes Password Length
Description: Enter the minimum password length for new Notes user IDs (0 - 16).

Import Prompt: Default Notes User ID Password
Description: Enter the default password for new Notes user IDs.

Import Prompt: Default Notes HTTP Password
Description: Enter the default HTTP password for new Notes users.

Import Prompt: Create Mail File?
Description: Should the driver create a mail file for users certified to Notes on the
subscriber channel?

Import Prompt: Mail Database Storage Path
Description: Enter the relative path where the driver should create new Mail databases.
The path should be relative to the Domino Data directory.

Import Prompt: Notes Mail Database Template
Description: Enter the relative path and file name (on the Domino server) for the Notes
Mail Database Template this driver will use when creating new mail
databases. The path should be relative to the Domino server's data directory.

Import Prompt: Notes Mail Server
Description: Enter the Name of the Notes Mail Server this driver will create new mail
databases on (in fully qualified canonical form: i.e. cn=NotesServer/o=Organization).

Import Prompt: Internet Mail Domain
Description: Enter the Internet Mail Domain to be used when generating Internet e-mail
addresses.

Import Prompt: Deny Access Group Universal Note ID
Description: Enter the Notes Universal ID for the Deny Access Group. This can be
found on the Properties sheet for the Group in the Notes Client (32 characters long).

Import Prompt: Publisher Channel Poll Rate
Description: Enter the polling interval (in seconds) for how often the publisher channel
will check the change log for updates.

Import Prompt: Publisher placement destination path for USERS
Description: Enter the eDirectory path where eDirectory users will be created.

Import Prompt: Publisher placement destination path for GROUPS
Description: Enter the eDirectory path where eDirectory groups will be created.

Import Prompt: Subscriber placement source path for USERS
Description: Enter the eDirectory path (subtree root) where user changes will be detected.

Import Prompt: Subscriber placement source path for GROUPS
Description: Enter the eDirectory path (subtree root) where group changes will be detected.

Import Prompt: Detect Event Loop Back?
Description: Select Yes to prevent event loop back from occurring, or No to allow event
loop back.

Import Prompt: NDSREP Schedule Units
Description: Enter the schedule units for the ndsrep polling interval.

Import Prompt: NDSREP Schedule Value
Description: Enter the schedule value for the ndsrep polling interval.
Import Prompt: DNFormat
Description: Enter the distinguished name format.

Import Prompt: Check Attributes
Description: Shall all attributes be checked for each object event?

Import Prompt: Write Time Stamps
Description: Shall driver time stamps be written to each synchronized object?

Import Prompt: Enable Role-Based Entitlement features
Description: Select Yes if you are using the Entitlements Driver and would like to include
the role-based entitlement features provided by this driver configuration.
This is a design decision. Don’t choose this option unless you have
reviewed the information about Role-Based Entitlements in the Novell
Nsure Identity Manager 2 Administration Guide.

Import Prompt: Install Driver as Remote/Local
Description: Configure the driver for use with the Remote Loader service by selecting
Remote, or select Local to configure the driver for local use. For
information on how to decide, see “Where to Install the Driver” on page 15.

Import Prompt: Remote Host Name and Port
Description: (Remote Driver Configuration only)
Enter the Host Name or IP Address and Port Number where the Remote
Loader Service has been installed and is running for this driver. The
Default Port is 8090.

Import Prompt: Driver Password
Description: (Remote Driver Configuration only)
The Driver Object Password is used by the Remote Loader to authenticate
itself to the DirXML server. It must be the same password that is specified
as the Driver Object Password on the DirXML Remote Loader.

Import Prompt: Remote Password
Description: (Remote Driver Configuration only)
The Remote Loader password is used to control access to the Remote
Loader instance. It must be the same password that is specified as the
Remote Loader password on the DirXML Remote Loader.
Configuring Database Replication Using ndsrep


Complete the following sections to configure replication using ndsrep:


+ “Setting Up ndsrep” on page 28
+ “Loading and Controlling ndsrep” on page 28
+ “Setting Up Multiple Instances of ndsrep” on page 29


Setting Up ndsrep


Review the information about ndsrep and starting the driver in the steps in “Installing the 
Driver Shim” on page 18. 


Make sure you have copied the necessary files for your platform, as described in “Installing 
the Driver Shim” on page 18. 


(Windows only) Add c:\lotus\domino to your system path, then reboot the computer. 


Before trying to load ndsrep, make sure that the DirXML Driver for Lotus Notes has been 
started at least once. 


Loading and Controlling ndsrep 


You always load and run ndsrep at the server console on the Domino server. The ndsrep program
creates an output database (by default, ndsrep.nsf), detects changes in the address book in the
Domino server (or other Notes database), and copies these changes to the output database.


+ Loading ndsrep: Load ndsrep in the Domino Server console.

Add ndsrep to the ServerTasks = statement in NOTES.INI and restart the Domino server.


For example:


ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrv1,CalConn,Sched,HTTP,IMAP,POP3


or

Type the following in the Notes Server Console window:

load ndsrep instance


In either case, if the name of your driver includes spaces, then you must put quotes around the
name.


+ Controlling ndsrep: Use the TELL commands described in the table.

The following ndsrep TELL commands allow for immediate ndsrep actions. These commands
are not stored; ndsrep simply executes the action.


TELL Command     Description

RefreshConfig    Reads ndsrep configuration information from the configuration store.
Replicate        Forces an immediate check for updated notes.
Resume           Sets ndsrep to resume processing timer events and replication.
ShowConfig       Displays ndsrep configuration settings in the console window.
ShowFilter       Displays the first 240 characters of the filter for updated records that ndsrep
                 is using when publishing.
Suspend          Suspends activity until the Resume command is given.


Setting Up Multiple Instances of ndsrep 


You can run multiple instances of ndsrep to support multiple drivers running against a single 
Domino server. You must specify the appropriate driver instance name as a parameter when 
loading ndsrep. By default, this instance name is the name of the driver. 


If the name of your driver includes spaces, then you must put quotes around the name.

Consider the following important issues with setting up ndsrep and multiple instances:

+ To load ndsrep, you must use the appropriate instance name:

load ndsrep instance

ndsrep will be loaded and referenceable using TELL commands by the value of instance.


+ By default, ndsrep stores configuration data for instances in a common Notes database
(dsrepcfg.nsf).


+ When modifying notes.ini to auto load multiple instances of ndsrep, simply insert ndsrep
instance multiple times on the ServerTasks line of notes.ini.


For example:


ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrv1,ndsrep notesdrv2,CalConn,Sched,HTTP,IMAP,POP3


+ For custom configurations, you can tell ndsrep to utilize a different configuration database. To
do so, use the ndsrep configuration parameter and load ndsrep using the -f filename
parameter as noted in ndsrep configuration database and ndsrep configuration instance in the
parameters table in Chapter 4, “Customizing the Driver,” on page 37.
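The instance-name and quoting rules above are easy to get wrong when notes.ini is edited by hand. The following Python check is an added example, not part of the guide or the driver; the two notes.ini fragments are constructed, and the handling of tokens that start with "-" as load options is an assumption.

```python
import re

# Constructed notes.ini fragments. GOOD_INI follows the guide's examples;
# BAD_INI has an entry with no instance name and an unquoted name with a space.
GOOD_INI = ('ServerTasks=Router,Replica,Update,Amgr,AdminP,maps,'
            'ndsrep notesdrv1,ndsrep "Notes Driver"\n')
BAD_INI = ("ServerTasks=Update,Replica,Router,AMgr,AdminP,"
           "ndsrep,ndsrep Notes Driver,CalConn\n")


def split_tasks(value):
    """Split a ServerTasks value on commas, leaving commas inside quotes alone."""
    return [t.strip() for t in re.findall(r'(?:"[^"]*"|[^,])+', value) if t.strip()]


def audit_server_tasks(notes_ini_text):
    """Return (instances, findings) for every ndsrep entry on the ServerTasks line."""
    instances, findings = [], []
    for line in notes_ini_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "servertasks":
            continue
        for task in split_tasks(value):
            tokens = re.findall(r'"[^"]*"|\S+', task)
            if not tokens or tokens[0].lower() != "ndsrep":
                continue
            # Assumption: a token starting with "-" is a load option and the
            # token after it is that option's value; neither is the instance.
            names, skip = [], False
            for tok in tokens[1:]:
                if skip:
                    skip = False
                elif tok.startswith("-"):
                    skip = True
                else:
                    names.append(tok)
            if not names:
                findings.append((task, "ndsrep has no instance name"))
            elif len(names) > 1 or names[0].count('"') not in (0, 2):
                findings.append((task, "instance name with spaces must be quoted"))
            else:
                instances.append(names[0].strip('"'))
    return instances, findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_INI), ("bad", BAD_INI)):
        print(label, audit_server_tasks(text))
```

Compare the returned instance list with the driver names in the driver set; each instance should correspond to one driver.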
Migrating and Resynchronizing Data


Identity Manager synchronizes data as the data changes. If you want to synchronize all data 
immediately, you can choose from the following options: 


+ Migrate Data from eDirectory: Allows you to select containers or objects you want to 
migrate from eDirectory to an application. When you migrate an object, the DirXML engine 
applies all of the Matching, Placement, and Create rules, as well as the Subscriber filter, to the 
object. 


+ Migrate Data into eDirectory: Allows you to define the criteria Identity Manager uses to 
migrate objects from an application into Novell eDirectory. When you migrate an object, the 
DirXML engine applies all of the Matching, Placement, and Create rules, as well as the 
Publisher filter, to the object. Objects are migrated into eDirectory using the order you specify 
in the Class list. 


+ Synchronize: The DirXML engine looks in the Subscriber class filter and processes all 
objects for those classes. Associated objects will be merged. Unassociated objects are 
processed as Add events. 


To use one of the options explained above: 
1 In iManager, select DirXML Management > Overview. 
2 Locate the driver set containing the Notes driver, then double-click the driver icon. 


3 Click the appropriate migration button. 


Activating the Driver 
Activation must be completed within 90 days of installation, or the driver will not run. 


For activation information, refer to “Activating Novell Identity Manager Products” in the Novell 
Nsure Identity Manager 2 Administration Guide. 
Upgrading


In this section: 


+ “Upgrading on Windows” on page 31 


+ “Upgrading on AIX, Linux, or Solaris” on page 35 


Upgrading on Windows 


In this section: 


+ “Preparing to Upgrade” on page 31 


+ “Upgrading the Driver Shim and Configuration from 1.x to 2.x” on page 31 


+ “Upgrading the Driver Shim and Configuration from 2.0 to 2.1” on page 34 


Preparing to Upgrade 


Make sure you have reviewed all TIDs and product updates for the version of the driver you are 
using. 


The new driver shim is intended to work with your existing driver configuration, but this assumes 
that your driver shim and configuration have the latest fixes. 


Upgrading the Driver Shim and Configuration from 1.x to 2.x 


1 When you install Nsure™ Identity Manager 2, make sure you select the option to install
utilities. This installs the movecfg.exe utility necessary for upgrading, noted in Step 5.
Instructions are in “Installation” in the Novell Nsure Identity Manager 2 Administration
Guide.


2 You can install the upgraded driver shim at the same time you install the DirXML engine, or
after. To install the driver shim, run the Identity Manager installation program and select the
DirXML Driver for eDirectory. Instructions are in “Installation” in the Novell Nsure Identity
Manager 2 Administration Guide.


The new driver shim replaces the previous one.

IMPORTANT: Running a new driver with a previous version of the DirXML engine is not supported.


3 Convert your existing configuration from 1.x to 2.0 format, using the wizard.


See “Upgrading a Driver Configuration from DirXML 1.x to Identity Manager Format” in the
Novell Nsure Identity Manager 2 Administration Guide.


4 Unload all instances of ndsrep from the Domino Server Console.


5 Use the movecfg.exe utility to upgrade the placement of configuration parameters, as
described in “Using the Movecfg.exe Utility” on page 65.


You can use a batch file such as the example provided in “Example Batch File to Use” on
page 66.


The movecfg.exe utility is installed in the utilities directory if you select the option to install
Utilities during DirXML installation.


For example, on Windows:


C:\novell\nds\DirXMLUtilities


IMPORTANT: If you have multiple instances of ndsrep, you must run movecfg.exe once for each one,
using the -ndsrep parameter.


6 (Windows only) Copy the following files:


+ Manually copy ndsrep.exe from its installed location (\novell\NDS) to the Domino server
executable folder (\Lotus\Domino).


+ Manually copy dsrepcfg.ntf from its installed location (\novell\NDS) to the Domino
server data folder (\Lotus\Domino\Data).


On Linux and Solaris, the package install places it in the /usr/lib/dirxml/rules/notes folder
and creates a symbolic link for it in the /local/notesdata folder.


+ Manually copy the Notes.jar file from the \Lotus\Domino directory to the \Novell\nds\lib
directory (or the \novell\remote\loader\lib directory if running Remote Loader).


NOTE: This is necessary for product updates as well as new releases.


7 If you have previously modified the Domino server’s notes.ini file ServerTasks line to
auto-load ndsrep (as described in “Loading and Controlling ndsrep” on page 28), you must add an
instance name (by default, the driver name) as a parameter to ndsrep.


For example:


ServerTasks=Router,Replica,Update,Amgr,AdminP,maps,ndsrep notesdrv1,ndsrep notesdrv2


NOTE: If you have multiple instances of ndsrep, you must do this for each one.

If the name of your driver includes spaces, then you must put quotes around the name.


For example, if the driver name is CN=Notes Driver, your notes.ini might look like the
following:


ServerTasks=Router,Replica,Update,Amgr,AdminP,maps,ndsrep notesdrv1,ndsrep "Notes Driver"


8 Restart ndsrep, or restart the Domino server.

9 Stop and restart eDirectory and the driver for the system to use the new driver shim file.


At this point, the driver should work even though you have not made changes to the
configuration other than converting it to Identity Manager 2 format.


10 If you want to make changes to the driver configuration, such as using named passwords or
global configuration values (GCVs) for multiple certifiers, you can do so.


See “Customizing the Driver” on page 37.


NOTE: For an example of the new parameters and new features such as named passwords, review the
sample driver configuration.


11 If you are using Lotus Notes 6.0.3, and you want to use the AdminP process features, you need
to turn them on by adding the driver parameter named Allow Domino AdminP Support to the
Subscriber Options.


For example:


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42.


12 Consider adding the Publisher Options driver parameter named NDSREP Console Trace
Level to your driver configuration.


See NDSREP Console Trace Level in “Publisher Options” on page 45.


13 Consider adding the sample policy named Notes - Return Email Address
(NotesReturnEmail.xml) to your driver configuration, in the Command Transformation
policy set on the Subscriber channel.


When a new user in eDirectory is synchronized to Notes, this policy is used to write back the
Notes e-mail address to eDirectory. In 1.x versions of the driver, this functionality was done
differently. If you want to continue to have this functionality with the 2.1 driver version, you
must use the new policy.


See “Importing a Policy to Write Back the Notes E-mail Address for New Users” on page 33.

14 Activate the driver. See “Activating the Driver” on page 30.


15 When your changes are complete, restart the driver.


Importing a Policy to Write Back the Notes E-mail Address for New Users 


This policy is designed to generate an e-mail address for user Add events on the Subscriber 
channel. It provides backwards compatibility for functionality that existed in the previous version 
of the driver. In 1.x versions of the driver, this functionality was done differently. 


If you want to continue to have this functionality when upgrading a driver configuration from the 
1.x to the 2.x driver version, you must use the new policy. (The policy is already a part of the 
sample configuration provided with the 2.1 version of the driver.) 


The default form of the e-mail address provided by the policy is a concatenation of the Given
Name, a space, the Surname, and domain name entered when importing the policy. For example:
Joe User@mydomain.com. The policy can be edited after import to customize the form of the
e-mail address as needed.


1 In iManager, click DirXML Utilities > Import Drivers.

2 Select the driver set where your existing driver resides.

3 In the list of driver configurations that appears, scroll down to the Additional Policies heading,
then select only the item labeled Notes - Return Email Address. Click Next.


A list of import prompts appears.

4 Select the name of your existing driver.

5 Specify the domain name to be used as the suffix for the e-mail address generated.
For example, mydomain.com.

6 Click Next.


A page appears with the message “A driver named your_driver_name already exists in the
driver set. Select one of the options below.”


7 Select the following items:
+ Update Only Selected Policies in That Driver
+ Return Email Address (Subscriber - DirXML Script)

8 Click Next, then click Finish to complete the wizard.


At this point, the new policy has been created as a policy object under the driver object, but is 
not yet part of the driver configuration. To link it in, you must manually insert it into a policy 
set. 


9 Insert the new policy into the Command Transformation policy set on the Subscriber Channel. 


9a Click DirXML Management > Overview. Select the driver set for the driver you are 
updating. 


9b Click the driver you just updated. A page opens showing a graphical representation of the 
driver configuration. 


9c Click the icon for the Command Transformation on the Subscriber channel. 


9d Click Insert to add the new policy. In the Insert page that appears, click Use an Existing 
Policy, then browse for and select the new policy object. Click OK. 


9e If you have more than one policy in the policy set, use the arrow buttons to move
the new policy to the correct location in the list.


Upgrading the Driver Shim and Configuration from 2.0 to 2.1 
1 Stop the driver.
2 Install the new driver shim. 


3 If you are using Lotus Notes 6.0.3 or later, and you want to use the AdminP process features,
you need to turn them on by adding the driver parameter named Allow Domino AdminP
Support to the Subscriber Options.


For example:


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42. 


4 Consider adding the Publisher Options driver parameter named NDSREP Console Trace 
Level to your driver configuration. 


See NDSREP Console Trace Level in “Publisher Options” on page 45. 


5 When your changes are complete, restart the driver. 
Upgrading on AIX, Linux, or Solaris


In this section: 


+ “Upgrading Domino” on page 35 


Upgrading Domino 


For AIX, Linux, and Solaris, if you upgrade Domino after installing the driver, you need to do one 
of the following: 


+ Check symbolic links, and re-create them manually if necessary. 


+ If you have customized the files rdxml.startnotes, rdxml.stopnotes, findDomino, or
rdxml.confignotes, back them up and then reinstall the driver. Reinstalling the driver shim
re-creates the symbolic links, but it overwrites those files.


For more information, see “Troubleshooting Installation” on page 23. 
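One way to check the three symbolic links listed under “Troubleshooting Installation” after a Domino upgrade, as an added Python example that is not part of the guide or the driver package. The root parameter, the status names, and the staging tree built by build_constructed_tree are assumptions made for the example; on a live server call check_links with the default root.

```python
import os
import tempfile

# Folder names from the guide's operating system table.
PLATFORM_FOLDERS = {"AIX": "ibmpow", "Linux": "linux", "Solaris": "sunspa"}

# (symbolic link, file it must point to); {p} is the your_platform folder.
EXPECTED_LINKS = [
    ("/usr/lib/dirxml/classes/Notes.jar", "/opt/lotus/notes/latest/{p}/Notes.jar"),
    ("/opt/lotus/notes/latest/{p}/ndsrep", "/usr/lib/dirxml/rules/notes/ndsrep"),
    ("/opt/lotus/notes/latest/{p}/dsrepcfg.ntf",
     "/usr/lib/dirxml/rules/notes/dsrepcfg.ntf"),
]


def _on_disk(root, path):
    """Map an absolute path from the guide onto a (possibly staged) root."""
    return os.path.join(root, path.lstrip("/"))


def check_links(platform, root="/"):
    """Return {link: status}; status is ok, missing, not-a-symlink,
    wrong-target or dangling."""
    folder = PLATFORM_FOLDERS[platform]
    report = {}
    for link_t, target_t in EXPECTED_LINKS:
        link, target = link_t.format(p=folder), target_t.format(p=folder)
        disk_link = _on_disk(root, link)
        if not os.path.lexists(disk_link):
            status = "missing"
        elif not os.path.islink(disk_link):
            # A plain copy left behind is not refreshed by a reinstall and
            # can be an older file than the one the driver package shipped.
            status = "not-a-symlink"
        else:
            raw = os.readlink(disk_link)
            # Relative links are resolved against the link's own directory.
            resolved = os.path.normpath(os.path.join(os.path.dirname(link), raw))
            if resolved != target:
                status = "wrong-target"
            elif not os.path.isfile(_on_disk(root, target)):
                status = "dangling"
            else:
                status = "ok"
        report[link] = status
    return report


def build_constructed_tree(root):
    """Constructed Linux staging tree: Notes.jar linked correctly, ndsrep left
    as a plain-file copy in the Domino folder, dsrepcfg.ntf link absent."""
    for d in ("usr/lib/dirxml/classes", "usr/lib/dirxml/rules/notes",
              "opt/lotus/notes/latest/linux"):
        os.makedirs(os.path.join(root, d))
    for f in ("opt/lotus/notes/latest/linux/Notes.jar",
              "usr/lib/dirxml/rules/notes/ndsrep",
              "usr/lib/dirxml/rules/notes/dsrepcfg.ntf",
              "opt/lotus/notes/latest/linux/ndsrep"):
        open(os.path.join(root, f), "w").close()
    os.symlink("/opt/lotus/notes/latest/linux/Notes.jar",
               os.path.join(root, "usr/lib/dirxml/classes/Notes.jar"))


def demo():
    """Run the check against the constructed staging tree."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return check_links("Linux", root=root)


if __name__ == "__main__":
    for link, status in demo().items():
        print(f"{status:14} {link}")
```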
Customizing the Driver


This section explains how to customize your driver for your specific business rules. 
+ “Determining eDirectory Object Placement When a Notes Object is Moved” on page 37 
+ “Automatically Determining Which Certifier to Use” on page 39 
+ “Using Named Passwords” on page 39 
+ “Using Driver Parameters” on page 40 
+ “Overriding Driver Parameters” on page 47 
+ “Additional Sample Style Sheets” on page 59 
+ “Synchronizing a Database Other Than Names.nsf” on page 60 
+ “Schema Mapping Type and Form” on page 60 
+ “Move/Rename” on page 60 
+ “Tell AdminP Commands” on page 63 


NOTE: When you customize data synchronization, you must work within the supported standards and 
conventions for the operating systems and accounts being synchronized. Data containing characters that are 
valid in one environment, but invalid in another, causes errors. 


Determining eDirectory Object Placement When a Notes Object is 
Moved 


A Move is done by Nsure™ Identity Manager relative to either a parent’s association key or 
dest-dn. Containment in Notes is purely logical, and as such, an OU in Notes never has an 
association to eDirectory, so it isn’t possible to provide a parent association. Also, the driver shim 
has no reference of the eDirectory namespace or containment, so it can’t provide a parent dest-dn 
(destination DN). Therefore, an appropriate parent dest-dn must be provided by a policy. 


Notes - Move Sample is a sample Publisher channel policy that contains logic to determine 
eDirectory™ object placement when an associated Notes object is moved. 


This policy is designed to provide the same functionality contained in the sample style sheet 
named placemove.xsl, provided with earlier versions of the driver. 


On a move, the dest-dn is set for a particular source dn. After importing the Notes - Move Sample
policy, you have a policy defining a single mapping between source and destination containers. 
You can define additional mappings by editing the resulting policy. 


NOTE: Because of the way Notes manages CN and DN in FullName, it is not possible to distinguish between 
a Move and a Rename event in ndsrep. Therefore, when ndsrep determines that the FullName item has 
changed, it generates both a Move and a Rename event. 


To add the Notes - Move Sample policy to your driver configuration: 
1 In iManager, click DirXML Utilities > Import Drivers.


2 Select the driver set where your existing driver resides.


3 In the list of driver configurations that appears, scroll down to the Additional Policies heading,
then select only the item labeled Notes - Move Sample. Click Next.


A list of import prompts appears.

4 Select the name of your existing Notes driver.

5 Specify one container in Notes and the corresponding container in eDirectory.


The import process uses this information to create one pair of “mappings” between Notes
containers and eDirectory containers.


5a Specify the source container from Notes where the move originates.
For example, \MyOrganization\Engineering\Testing.

5b Browse for and select the destination container where the object should be moved to.
For example, Testing.MyOrganization.

6 Click Next.


A page appears with the message “A driver named your_driver_name already exists in the
driver set. Select one of the options below.”


7 Select the following:

+ Update Only Selected Policies in That Driver

+ Move Sample (Driver - DirXML Script)

8 Click Next, then click Finish to complete the wizard.


At this point, the new policy has been created as a policy object under the driver object, but is 
not yet part of the driver configuration. To link it in, you must manually insert it into a policy 
set. 


9 Insert the new policy in a policy set on the Publisher Channel.


Place it where it would be appropriate in your driver configuration. For example, in the Input 
Transformation or Event Transformation policy set. 


9a Click DirXML Management > Overview. Select the driver set for the driver you are 
updating. 


9b Click the driver you just updated. A page opens showing a graphical representation of the 
driver configuration. 


9c Click the icon for the policy set on the Publisher Channel. 


9d Click Insert to add the new policy. In the Insert page that appears, click Use an Existing 
Policy, then browse for and select the new policy object. Click OK. 


9e If you have more than one policy in the policy set, use the arrow buttons to move
the new policy to the correct location in the list.


10 Complete the “mappings” for all the containers in Notes and eDirectory by editing the XML
for the policy.


Follow the example of the first pair that is created for you with the container names you 
provided in Step 5. 
Automatically Determining Which Certifier to Use


Because most Notes environments use more than one certifier, NotesDriverShim can be 
configured to use different certifiers through policy. The sample Cert.xsl style sheet, located in the 
dirxml\drivers\lotusNotes\rules directory, is an Output Transformation style sheet that contains 
logic to determine which Notes Certifier to use based on the src-dn attribute on the <add> tag. 
Another example provided is the NotesCertifierSelectionSampleSS.xsl sample style sheet. 


You can edit the choose/when statements to model your Notes system certifier structure. If using 
only the root certifier is acceptable, then using Cert.xsl is not necessary, because the driver 
parameters screen can contain the information for the root certifier. 


To use Cert.xsl in your environment, first, change the existing xsl:when statements to match your 
configuration. 


<xsl:when test="string($dn) = '\dirxml-ds\provo\notes\eng'"> 
<xsl:attribute name="cert-id">c:\lotus\domino\data\eng.id</xsl:attribute> 
<xsl:attribute name="cert-pwd">certify2eng</xsl:attribute> 
<xsl:attribute name="user-pwd">new2notes</xsl:attribute> 
</xsl:when> 


Add as many xsl:when statements as you need to model your organization's certification structure. 
Then change the cert-id and cert-pwd in xsl:otherwise to match your root certifier information. 


<xsl:otherwise> 
<xsl:attribute name="cert-id">d:\lotus\domino\data\cert.id</xsl:attribute> 
<xsl:attribute name="cert-pwd">certify2notes</xsl:attribute> 
</xsl:otherwise> 


Cert.xsl communicates the certifier information by adding attributes to the add tag in the XML 
document. If NotesDriverShim doesn’t find these attributes, it uses the root certifier information 
from the driver Parameters passed during initialization. 


NOTE: Cert.xsl also shows how to override several other parameters for the driver. See “Overriding Driver 
Parameters” on page 47 for more information about these parameters. 


Using Named Passwords 


The DirXML engine provided with Identity Manager 2 supports a new way of securing the 
passwords you need to use in your driver policies. The sample driver configuration shows an 
example. 


One use for this feature would be to store a password for each of your Notes certifiers. For 
example, if you had certifiers for Human Resources, Engineering, and Marketing, you could use 
named passwords to securely store the password for each respective certifier ID file in your driver 
parameters. In the driver configuration, you would click the Edit XML button and specify driver 
parameters something like this: 


<cert-id-password display-name="Certifier Password" is-sensitive="true" 
type="password-ref">HR</cert-id-password> 


<cert-id-password display-name="Certifier Password" is-sensitive="true" 
type="password-ref">Engineering</cert-id-password> 


<cert-id-password display-name="Certifier Password" is-sensitive="true" 
type="password-ref">Marketing</cert-id-password> 

When you return to the graphical interface for the driver parameters, each of these passwords has 
prompts to enter the password and confirm the password. These passwords are stored, encrypted, 
with the driver configuration. You can reference these passwords by name in your driver policies. 


For an example of how to use named passwords, see the sample configuration and also the 
NotesCertifierSelectionSampleSS.xsl sample style sheet, listed in “Additional Sample Style 
Sheets” on page 59. 
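
A defender-side check for the two sections above (certifier selection in Cert.xsl and named passwords), added here as an example that is not part of the Novell guide or the driver's sample files: it reads a driver-parameter document and an Output Transformation style sheet and reports certifier passwords that are still literals. Both sample documents, the `<driver-config>`/`<driver-options>` wrapper, and the `eng-cert-pwd` and `mktg-cert-pwd` parameter names are constructed for illustration; `named-cert-pwd` and `drv-param-cert-pwd` are the override attributes this guide lists under “Overriding Driver Parameters”.

```python
import xml.etree.ElementTree as ET

XSL_ATTRIBUTE = "{http://www.w3.org/1999/XSL/Transform}attribute"
# Override attributes that carry the password itself (the guide documents
# cert-pwd as clear text; user-pwd is the literal user password in Cert.xsl).
LITERAL_PASSWORD_ATTRS = {"cert-pwd", "user-pwd"}

# Constructed sample. The wrapper elements and the eng-cert-pwd / mktg-cert-pwd
# parameter names are assumptions made for this example.
DRIVER_PARAMS = r"""
<driver-config name="Notes Driver">
  <driver-options>
    <cert-id-file display-name="Certifier ID File">/local/notesdata/cert.id</cert-id-file>
    <cert-id-password display-name="Certifier Password">certify2notes</cert-id-password>
    <eng-cert-pwd display-name="Eng Certifier Password" is-sensitive="true"
                  type="password-ref">Engineering</eng-cert-pwd>
    <mktg-cert-pwd display-name="Mktg Certifier Password">certify2mktg</mktg-cert-pwd>
  </driver-options>
</driver-config>
"""

# Constructed sample modeled on the Cert.xsl fragments shown in this guide.
STYLE_SHEET = r"""
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="@*|node()">
    <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
  </xsl:template>
  <xsl:template match="add">
    <xsl:copy>
      <xsl:variable name="dn" select="@src-dn"/>
      <xsl:apply-templates select="@*"/>
      <xsl:choose>
        <xsl:when test="string($dn) = '\dirxml-ds\provo\notes\eng'">
          <xsl:attribute name="cert-id">c:\lotus\domino\data\eng.id</xsl:attribute>
          <xsl:attribute name="drv-param-cert-pwd">eng-cert-pwd</xsl:attribute>
        </xsl:when>
        <xsl:when test="string($dn) = '\dirxml-ds\provo\notes\mktg'">
          <xsl:attribute name="cert-id">c:\lotus\domino\data\mktg.id</xsl:attribute>
          <xsl:attribute name="drv-param-cert-pwd">mktg-cert-pwd</xsl:attribute>
        </xsl:when>
        <xsl:when test="string($dn) = '\dirxml-ds\provo\notes\hr'">
          <xsl:attribute name="cert-id">c:\lotus\domino\data\hr.id</xsl:attribute>
          <xsl:attribute name="named-cert-pwd">HR</xsl:attribute>
        </xsl:when>
        <xsl:otherwise>
          <xsl:attribute name="cert-id">d:\lotus\domino\data\cert.id</xsl:attribute>
          <xsl:attribute name="cert-pwd">certify2notes</xsl:attribute>
          <xsl:attribute name="user-pwd">new2notes</xsl:attribute>
        </xsl:otherwise>
      </xsl:choose>
      <xsl:apply-templates select="node()"/>
    </xsl:copy>
  </xsl:template>
</xsl:stylesheet>
"""


def load_params(params_xml):
    """Map tag name -> element for every leaf element (one per driver parameter)."""
    root = ET.fromstring(params_xml)
    return {el.tag: el for el in root.iter() if len(el) == 0}


def audit(params_xml, style_sheet_xml):
    """Return (location, name, problem) tuples; password values are never echoed."""
    findings = []
    params = load_params(params_xml)

    # Default certifier password: should be a named-password reference.
    default_pwd = params.get("cert-id-password")
    if default_pwd is not None and default_pwd.get("type") != "password-ref":
        findings.append(("driver-params", "cert-id-password",
                         'literal value; not stored with type="password-ref"'))

    for attr in ET.fromstring(style_sheet_xml).iter(XSL_ATTRIBUTE):
        name = attr.get("name")
        value = (attr.text or "").strip()
        if name in LITERAL_PASSWORD_ATTRS and value:
            findings.append(("style-sheet", name, "password literal embedded in policy"))
        elif name == "drv-param-cert-pwd":
            # The referenced driver parameter may itself be clear text, so resolve it.
            target = params.get(value)
            if target is None:
                findings.append(("style-sheet", name,
                                 f"driver parameter <{value}> is not defined"))
            elif target.get("type") != "password-ref":
                findings.append(("style-sheet", name,
                                 f"driver parameter <{value}> holds a clear-text password"))
    return findings


if __name__ == "__main__":
    for location, name, problem in audit(DRIVER_PARAMS, STYLE_SHEET):
        print(f"{location:13} {name:20} {problem}")
```

The `named-cert-pwd` branch and the `drv-param-cert-pwd` branch that resolves to a `type="password-ref"` parameter produce no finding; only literals and references to clear-text parameters are reported.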


Using Driver Parameters 


To change driver parameters, edit the Driver Parameters page. 

1 In iManager, click DirXML Management > Overview. 

2 Find the driver in its driver set. 

3 Click the driver icon to display the Driver Overview page. 

4 Click the driver icon again to display the Modify Object page. 

5 Click Driver Configuration. 

6 Use the information in the tables that follow to upgrade driver parameters. 

In this section: 

+ “Driver Options” on page 40 

+ “Subscriber Options” on page 42 

+ “Publisher Options” on page 45 


Driver Options 


The third column of the following table contains XML text that you should paste into the Driver 
Parameters XML Editor. The XML text represents exactly what is necessary to display the 
parameters. 


Parameter: Certifier ID file 
Description: The default Notes Certifier ID file that is used to register user objects in the Notes 
Address Book. The full path of the file should be represented with respect to the operating system 
hosting Domino. 
XML to Define Driver Parameters: 
<cert-id-file display-name="Certifier ID File">/local/notesdata/cert.id</cert-id-file> 


Parameter: Certifier ID password 
Description: The default Notes Certifier ID file password that is used to register user objects in the 
Notes Address Book. 
When using the type="password-ref" attribute of this parameter, the password is encrypted and 
securely stored with the Driver Configuration. When securely stored in this fashion, the password 
can then be referenced by the DirXML engine or a driver using the key name specified. (In this 
example, defaultCertPwd.) 
XML to Define Driver Parameters: 
<cert-id-password display-name="Certifier Password" is-sensitive="true" 
type="password-ref">defaultCertPwd</cert-id-password> 


Parameter: Directory File or Input Database 
Description: The file name of the database to be synchronized with eDirectory. Specify this item 
without full path information. 
XML to Define Driver Parameters: 
<directory-file display-name="Directory File">names.nsf</directory-file> 


Parameter: Notes Address Book 
Description: Specify Yes if the input database (directory file) is a Notes Address book; otherwise, 
specify No. 
XML to Define Driver Parameters: 
<is-directory display-name="Notes Address Book? (Yes/No)">Yes</is-directory> 


Parameter: Notes Domain Name 
Description: The name of the Notes domain the driver is running against. It might be different from 
the Notes Organization name, and therefore can't be derived from the server name. 
XML to Define Driver Parameters: 
<notes-domain display-name="Notes Domain Name">Provo</notes-domain> 


Parameter: Server ID File 
Description: The Notes Server ID file associated with the Notes Server this driver authenticates to 
(This is optional). The full path of the file should be represented with respect to the operating 
system hosting Domino. This ID file need not be the server ID file. It can actually be an ID file 
that has no password (and need not have any access anywhere). 
XML to Define Driver Parameters: 
<server-id-file display-name="Server ID File">/local/notesdata/server.id</server-id-file> 


Parameter: Update File of Output Database or ndsrep polling cache 
Description: The filename of the database used to cache database changes that need to be published 
to eDirectory. The default is ndsrep.nsf. Specify this item without full path information. 
The Driver’s Domino add-in process ndsrep creates this database. Within this database, filtered 
updates are cached before being consumed by the Notes Driver’s publisher. 
XML to Define Driver Parameters: 
<update-file display-name="Update File">ndsrep.nsf</update-file> 


Parameter: User ID file 
Description: The Notes User ID file associated with the Notes User this driver represents (this is 
required). The full path of the file should be represented with respect to the operating system 
hosting Domino. The password associated with this user ID file is input in the following user 
interface section: Driver Configuration > Authentication > Specify the application password 
XML to Define Driver Parameters: 
<user-id-file display-name="User ID File">/local/notesdata/notedrv.id</user-id-file> 


Subscriber Options 


The third column of the following table contains XML text that you should paste into the Driver 
Parameters XML Editor. The XML text represents exactly what is necessary to display the 
parameters. 


Parameter: Allow Domino AdminP Support 
Description: Specifies that AdminP features can be used. AdminP features are supported only for 
users of Lotus Notes 6.0.3 or later. 
If you have Lotus Notes 6.0.3 or later and you want to use the AdminP features, you must add this 
parameter and set it to Yes. 
If the parameter does not exist in the driver parameters, the default setting is No. 
This parameter can be overridden on a command-by-command basis using the attribute Allow 
AdminP Support described in “Overriding Driver Parameters” on page 47. 
XML to Define Driver Parameters: 
<allow-adminp-support display-name="Allow Domino AdminP Support">Yes</allow-adminp-support> 


Parameter: Certify/Register Users 
Description: This parameter indicates the default behavior for the driver regarding Notes user 
account creation. Yes indicates the driver by default attempts to register users in the Notes 
Address book by certifying them and creating an ID file for each user when add events are received. 
This default setting can be overridden using the XML <certify-user> attribute tag. 
XML to Define Driver Parameters: 
<cert-users display-name="Certify Users? (Yes/No)">Yes</cert-users> 


Parameter: Create Mail DB 
Description: This parameter indicates the default behavior for the driver regarding e-mail account 
creation. Yes indicates the driver by default attempts to create a Notes Mail database when adding 
a new user. 
This default setting can be overridden using the XML attribute tag <create-mail>. 
XML to Define Driver Parameters: 
<create-mail display-name="Create Mail DB? (Yes/No)">Yes</create-mail> 


Parameter: Default HTTP Password 
Description: The default Notes Web (HTTP) password set for newly created Notes users. 
This default setting can be overridden using the XML attribute tag <user-pwd>. 
XML to Define Driver Parameters: 
<default-http-password display-name="Default HTTP Password">notesweb</default-http-password> 


Parameter: Default Notes Password 
Description: The default Notes User ID password for newly created Notes users. 
This default setting can be overridden using the XML attribute tag <user-pwd>. 
XML to Define Driver Parameters: 
<default-password display-name="Default Notes Password">notes</default-password> 


Parameter: Expiration Term 
Description: The default expiration term (specified in years) for newly created Notes User ID files. 
This default setting can be overridden using the XML attribute tag <expire-term>. 
XML to Define Driver Parameters: 
<expiration-term display-name="Expiration Term in Years">2</expiration-term> 


Parameter: Failed Command Reply Status 
Description: If the parameter does not exist in the driver parameters, the default setting is Retry. 
Possible values are Success, Warning, Error, Retry, or Fatal. 
This parameter can be used when troubleshooting critical situations. 
XML to Define Driver Parameters: 
<retry-status-return display-name="Failed Command Reply Status">Retry</retry-status-return> 


Parameter: ID File Storage Location 
Description: This parameter specifies the default Notes User ID file (certifier) storage location 
that is used when user objects are registered and ID files are created. New ID files are placed in 
this location. The full path of the folder should be represented in relationship to the operating 
system hosting Domino. 
This default setting can be overridden using the XML attribute tag <user-id-path>. 
XML to Define Driver Parameters: 
<cert-path display-name="ID File Storage Location">c:\lotus\domino\data\ids\people</cert-path> 


Parameter: Internet Mail Domain Name 
Description: Obsolete in version 2.0. 
XML to Define Driver Parameters: 
<internet-mail-domain display-name="Internet Mail Domain Name">mycompany.com</internet-mail-domain> 


Parameter: Mail File ACL Level 
Description: The default ACL setting for the newly created mail file of newly created user objects. 
Valid values are NOACCESS, DEPOSITOR, READER, AUTHOR, EDITOR, DESIGNER, and 
MANAGER. When no ACL setting is specified, the setting defaults to MANAGER. 
This default setting can be overridden using the XML attribute tag <mailfile-acl-level>. 
XML to Define Driver Parameters: 
<mailfile-acl-level display-name="Mail File ACL Level">MANAGER</mailfile-acl-level> 


Parameter: Mail File Storage Location 
Description: A mail storage path relative to the Domino data storage location where mail files are 
stored if created by the driver. For example, if the parameter is set to “mail,” then new mail files 
created by the driver on the Domino server (running on Linux) are stored in the 
/local/notesdata/mail folder. 
XML to Define Driver Parameters: 
<mailfile-path display-name="Mail File Storage Location">mail</mailfile-path> 


Parameter: Minimum Notes Password Length 
Description: The default minimum password length (0-16 characters) for newly created Notes User 
ID files. 
This default setting can be overridden using the XML attribute tag <minimum-pwd-len>. 
XML to Define Driver Parameters: 
<minimum-pwd-len display-name="Minimum Notes Password Length (0 - 16)">5</minimum-pwd-len> 


Parameter: North American Server 
Description: North American Server User ID file (certifier) property. Set to Yes only if the Domino 
Server is in North America. According to Domino registration requirements, this attribute is 
required for user ID file creation. 
XML to Define Driver Parameters: 
<north-american-flag display-name="Is North American Server?">Yes</north-american-flag> 


Parameter: Notes Mail Server Name 
Description: The DN of the Notes Server that holds the mail files. 
This default setting can be overridden using the XML <mailserver> element as a child of the add 
event element. 
XML to Define Driver Parameters: 
<mail-server display-name="Notes Mail Server Name">cn=Server1/o=Org</mail-server> 


Parameter: Notes Save Failed Reply Status 
Description: If the parameter does not exist in the driver parameters, the default setting is Retry. 
Possible values are Success, Warning, Error, Retry, or Fatal. 
This parameter can be used when troubleshooting. 
XML to Define Driver Parameters: 
<notes-save-fail-action display-name="Notes Save Failed Reply Status">Retry</notes-save-fail-action> 


Parameter: Notes Web (HTTP) Password Set 
Description: Set the parameter to Yes to allow the Notes driver to set or to change the Web (HTTP) 
password attribute on user objects. Set the parameter to No to disallow the Notes driver from 
setting or changing the web (HTTP) password attribute on user objects. 
The default is Yes. 
XML to Define Driver Parameters: 
<allow-http-password-set display-name="Allow Notes Web (HTTP) password to be 
set">Yes</allow-http-password-set> 


Parameter: Registration Log File 
Description: The Notes Certification log file that is used to record the registration of user objects 
in the Notes Address Book. Specify this item without full path information. 
XML to Define Driver Parameters: 
<cert-log display-name="Registration Log File">certlog.nsf</cert-log> 


Parameter: Store ID in Notes Address Book 
Description: This flag indicates the default behavior for the driver regarding attaching user ID files 
on their respective user objects in the Notes Address Book at registration time. 
Setting the flag to Yes causes registered user objects in the Notes Address Book to be created with 
an attached user ID file. 
Setting the flag to No causes registered user objects in the Notes Address Book to be created 
without an attached user ID file. 
This default setting can be overridden using the XML attribute tag <store-useridfile-in-ab>. 
XML to Define Driver Parameters: 
<store-id-ab-flag display-name="Store ID in Notes Address Book? (Yes/No)">Yes</store-id-ab-flag> 


Parameter: Template for mail file creation 
Description: The .ntf database template to be used when creating a new mail database when the 
driver creates a user e-mail account. This template must be accessible to the Domino server in the 
Domino data folder. 
XML to Define Driver Parameters: 
<mailfile-template display-name="Template for Mail File creation">mail6.ntf</mailfile-template> 


Parameter: Update Address Book 
Description: This parameter indicates the default behavior for the driver regarding placing 
registered user objects in the Notes Address Book. Setting the flag to Yes causes registered users 
to be placed in the address book. Setting the flag to No causes users to be registered (meaning that 
a certifier ID file is created for the user) without the user object being placed into the Notes 
Address Book. 
This default setting can be overridden using the XML attribute tag <update-addressbook>. 
XML to Define Driver Parameters: 
<update-ab-flag display-name="Update Address Book? (Yes/No)">Yes</update-ab-flag> 

Publisher Options 


The third column of the following table contains XML text that you should paste into the Driver 
Parameters XML Editor. The XML text represents exactly what is necessary to display the 
parameters. 


Parameter: Check Attributes 
Description: The ndsrep check and publish attributes parameter. Set to Yes if only modified 
attributes within the Publisher filter should be sent to eDirectory via the Publisher channel when a 
Notes object is modified. Set to No if all sync attributes specified within the Publisher filter 
should be sent to eDirectory via the Publisher channel when a Notes object is modified. 
The default value is Yes. 
XML to Define Driver Parameters: 
<check-attrs-flag display-name="Check Attributes?">Yes</check-attrs-flag> 


Parameter: DNFormat 
Description: The Distinguished Name format used by ndsrep. Valid values are SLASH, LDAP, and 
LDAP_TYPED. The default is SLASH. 
XML to Define Driver Parameters: 
<dn-format display-name="DNFormat">SLASH</dn-format> 


Parameter: Enable Loop Back Detection 
Description: Loopback detection parameter. Set to Yes to enable loopback detection. Set to No to 
disable loopback detection. 
XML to Define Driver Parameters: 
<loop-detect-flag display-name="Enable Loop Back Detection">Yes</loop-detect-flag> 


Parameter: Loop Back Detection User Name 
Description: Loopback detection Notes user name. By default (if this parameter is not present), the 
Authentication ID contained within Driver Configuration is used as the Loop Back Detection User 
Name. (This is standard loopback detection functionality). This parameter allows for setting the 
loopback detection user name to a different value. 
XML to Define Driver Parameters: 
<loop-detect-id display-name="Loop Back Detection User Name">CN=Notes Driver/O=ACME</loop-detect-id> 


Parameter: NDSREP Configuration Auto-refresh 
Description: The ndsrep Configuration Auto-refresh setting. Valid settings are Yes and No. 
Set to Yes to have ndsrep automatically detect changes to the publisher configuration parameters. 
Set to No to have ndsrep ignore changes to the publisher configuration until it is restarted or 
manually prompted to refresh the configuration. 
If this parameter is not present, by default auto-refresh is set to Yes. 
XML to Define Driver Parameters: 
<auto-refresh-flag display-name="NDSREP Configuration Auto-refresh">No</auto-refresh-flag> 

Parameter: NDSREP Configuration database 
Description: The ndsrep configuration database filename created and maintained by the driver. This 
parameter controls which .nsf database the driver shim uses to write its publication options. 
The full path of the filename should be represented with respect to the operating system hosting 
Domino. When using this parameter, ndsrep needs to be loaded with the “-f filename” parameter. 
ndsrep load example: 
load ndsrep NotesDriver2 -f /home/notes/mycfg.nsf 
If this parameter is not present, by default the Configuration database filename is set to 
dsrepcfg.nsf and is normally located in the Domino data folder. 
If the name of your driver includes spaces, then you must put quotes around the name. 
XML to Define Driver Parameters: 
<config-db-name display-name="NDSREP Configuration database">/home/notes/mycfg.nsf</config-db-name> 


Parameter: NDSREP Configuration Instance 
Description: The ndsrep configuration instance name created and maintained by the driver within 
the ndsrep configuration database. This parameter controls which database note the driver shim 
uses to read and write its publication options within the ndsrep configuration database. When using 
this parameter, ndsrep utilizes the settings of this configuration instance when loaded with this 
instance name as a parameter. 
If this parameter is not present, by default the configuration instance is set to the name of the 
driver (the driver RDN in eDir). 
ndsrep load example: 
load ndsrep NotesDriver2 
If the name of your driver includes spaces, then you must put quotes around the name. 
XML to Define Driver Parameters: 
<instance-id display-name="NDSREP Configuration Instance">NotesDriver2</instance-id> 


Parameter: NDSREP Console Trace Level 
Description: Possible values are Silent, Normal, Verbose, or Debug. 
If this parameter is not present, the default setting is Normal. 
XML to Define Driver Parameters: 
<ndsrep-console-trace-level display-name="NDSREP Console Trace 
Level">Normal</ndsrep-console-trace-level> 


Parameter: NDSREP Schedule Units 
Description: The ndsrep polling interval unit. Valid values are SECONDS, MINUTES, HOURS, and 
DAYS. The default value is SECONDS. 
XML to Define Driver Parameters: 
<schedule-units display-name="NDSREP Schedule Units">SECONDS</schedule-units> 


Parameter: NDSREP Schedule Value 
Description: The ndsrep polling interval unit value. This value is utilized in conjunction with the 
<schedule-units> configuration parameter. 
XML to Define Driver Parameters: 
<schedule-value display-name="NDSREP Schedule Value">30</schedule-value> 


Parameter: Polling Interval 
Description: Notes Driver Shim publisher polling interval, specified in seconds. 
XML to Define Driver Parameters: 
<polling-interval display-name="Polling Interval (in seconds)">30</polling-interval> 


Parameter: Publication Heartbeat Interval (in seconds) 
Description: Publication Heartbeat Interval specified in seconds. This parameter can be used 
instead of <pub-heartbeat-interval> to provide finer interval size granularity. If no documents are 
sent on the Publisher channel for this specified interval (duration of time), then a heartbeat 
document is sent by the driver. A value of 0 indicates that no heartbeat documents are to be sent. 
If this parameter is not present, by default the publication heartbeat interval is 0. 
XML to Define Driver Parameters: 
<pub-heartbeat-interval-seconds display-name="Publication Heartbeat Interval (in 
seconds)">30</pub-heartbeat-interval-seconds> 


Parameter: Publication Heartbeat Interval 
Description: Publication Heartbeat Interval specified in minutes. If no documents are sent on the 
Publisher channel for this specified interval (duration of time), then a heartbeat document is sent 
by the driver. A value of 0 indicates that no heartbeat documents are to be sent. 
If this parameter is not present, by default the publication heartbeat interval is 0. 
XML to Define Driver Parameters: 
<pub-heartbeat-interval display-name="Publication Heartbeat Interval (in 
minutes)">10</pub-heartbeat-interval> 


Parameter: Write Time Stamps 
Description: Whether ndsrep writes special driver time stamp on synchronized Notes parameter. Set 
to Yes to have ndsrep write a driver specific time stamp on all Notes objects that are synchronized. 
This special driver time stamp is used to more accurately determine Notes object attribute updates. 
Set to No to have ndsrep determine Notes object attribute updates based on existing Notes object 
time stamps. 
The default value is No. 
XML to Define Driver Parameters: 
<write-timestamps-flag display-name="Write Time Stamps?">No</write-timestamps-flag> 


Overriding Driver Parameters 


You can override many of the driver configuration parameters using policies. 


An example of two overrides is shown in “Automatically Determining Which Certifier to Use” on 
page 39. In the Cert.xsl sample style sheet, the certifier ID and certifier password are passed as 
attributes of the <add> XML element. The driver finds those parameters and uses the passed values 
instead of the default values from the driver parameters. The parameters apply as indicated in the 
Valid Use column of the following table. 


If an attribute overriding a default configuration parameter is present, it is applied to the note 
regardless of event type. Because these parameters map to items on a note in Lotus Notes, these 
overrides are passed as attribute tags of the event element, or <add-value> children of the event 
element in the XML document. 


Another example is in the sample driver configuration, in the style sheet named 
AddAccountNotesOptions.xml. It utilizes global configuration values (GCVs) specified in 
NotesConfig2GCV.xml to determine which setting to apply. 


For items that use Yes or No values, True or False values can also be used. 

Parameter: Administration Process Server 
XML Tag: adminp-server 
Valid Use: As an attribute to an <add>, <modify>, <move>, <delete>, or <domino-console-command> 
event element. 
Description: Specifies the Domino server with which to establish an administration process 
session. Or specifies the Domino server where a console command should be sent. The default is the 
local server specified in the driver parameters. Example: adminp-server="myserver1/acme". 
Requires Notes 6.0.3 or later. 


Parameter: Allow AdminP Support 
XML Tag: allow-adminp-support 
Valid Use: As an attribute to an <add>, <modify>, <move>, <rename>, or <delete> event element. 
Description: Specifies whether the command received by the Notes driver shim should allow issuing 
AdminP requests if possible. The attribute can be True or False. The default is False if not set 
with the <allow-adminp-support> driver parameter in the subscriber-options section. This attribute 
can be used to override Allow Domino AdminP Support in “Subscriber Options” on page 42, on a 
command-by-command basis. Example: allow-adminp-support="True". Requires Notes 6.0.3 or later. 


Parameter: Alternate Full Name 
XML Tag: AltFullName 
Valid Use: As an <add-value> child element of an <add> event. 
Description: This element specifies the Alternate Full Name, an attribute in Notes, when registering 
a new user. Like other user attributes, this can be synchronized using an attribute in eDirectory or 
inserted in a style sheet. See the Lotus Notes documentation for information on setting 
AltFullName for a user. 


Parameter: Alternate Organization Unit 
XML Tag: alt-org-unit 
Valid Use: As an attribute to an <add> event element. 
Description: Specifies the alternate Organization Unit when registering a new user in Notes. 


Parameter: Alternate Organization Unit Language 
XML Tag: alt-org-unit-lang 
Valid Use: As an attribute to an <add> event element. 
Description: Specifies the alternate Organization Unit language when registering a new user in 
Notes. 


Parameter: Certification Expiration Date 
XML Tag: cert-expire-date 
Valid Use: As an attribute to an <add>, <modify>, or <move> event element. 
Description: Specifies the date when a user certifier expires. This attribute can be applied to 
override the default expiration term specified in the driver parameters. It is used by the Notes 
Driver shim when processing events that result in AdminP requests that cause the recertification of 
the user, such as move, rename, or recertify, or on add event when creating new Notes users. The 
date format should be specified in text using the appropriate format of the locale of the Domino 
Server. For example, in English, cert-expire-date="1 July 2010". An alternate to this attribute is 
expire-term. 


Parameter: Certifier ID File 
XML Tag: cert-id 
Valid Use: As an attribute to an <add> event element 
Description: This tag specifies the Notes Certifier ID file that is used to register this user object in 
the Notes Address Book. The full path of the file should be represented with respect to the 
operating system hosting Domino. Overrides the default Notes Certifier ID file parameter 
<cert-id-file> in the driver configuration. 


Parameter: Certifier ID File Parameter Reference 
XML Tag: drv-param-cert-id 
Valid Use: As an attribute to an <add> event element 
Description: This tag can be used instead of the Certifier ID file <cert-id> tag. This tag specifies a 
driver parameter that holds the Notes Certifier ID file that is used to register this user object in 
the Notes Address Book. The driver parameter tag can have any name, but its value needs to indicate 
the full path of the certifier ID file with respect to the operating system hosting Domino. 
Overrides the default Notes Certifier ID file parameter <cert-id-file> in the driver configuration. 


Parameter: Certifier Name 
XML Tag: certifier-name 
Valid Use: As an attribute to a <move> event element. 
Description: Specifies the certifier name required to move a user in Notes from an old certifier to a 
new certifier. The value is the name of the new certifier where the user is moving to. This attribute 
should be used in conjunction with old-cert-id or one of its alternates, old-cert-pwd or one of its 
alternates, cert-id or one of its alternates, and cert-pwd or one of its alternates. The cert-id 
specified should belong to the certifier-name. Example: certifier-name="/mktg/acme". Requires 
Notes 6.0.3 or later. 


Parameter: Certifier Password 
XML Tag: cert-pwd 
Valid Use: As an attribute to an <add> event element 
Description: This tag specifies the Notes Certifier ID password to be used with the certifier ID file. 
The password value is passed in clear text. The Notes Certifier ID file and password are used to 
register user objects in the Notes Address Book. Overrides the default Notes Certifier ID file 
password parameter <cert-id-password> in the driver configuration. 


Parameter: Certifier Password Key Name Reference 
XML Tag: named-cert-pwd 
Valid Use: As an attribute to an <add> event element 
Description: This tag can be used instead of the Certifier Password <cert-pwd> tag. This tag 
specifies a named-password key name that holds the Notes Certifier ID password to be used with 
the certifier ID file that is used to register this user object in the Notes Address Book. The Notes 
Certifier ID file and password are used to register user objects in the Notes Address Book. 
Overrides the default Notes Certifier ID file password parameter <cert-id-password> in the driver 
configuration. 


Parameter: Certifier Password Parameter Reference 
XML Tag: drv-param-cert-pwd 
Valid Use: As an attribute to an <add> event element 
Description: This tag can be used instead of the Certifier Password <cert-pwd> tag. This tag 
specifies a driver parameter that holds the Notes Certifier ID password to be used with the 
certifier ID file that is used to register this user object in the Notes Address Book. The driver 
parameter tag can have any name, but its value indicates the password of the Certifier ID file. The 
referenced driver parameter can be a clear-text password or an encrypted named-password. The 
Notes Certifier ID file and password are used to register user objects in the Notes Address Book. 
Overrides the default Notes Certifier ID file password parameter <cert-id-password> in the driver 
configuration. 


Parameter: Certify User Flag 
XML Tag: certify-user 
Valid Use: As an attribute to an <add> event element 
Description: Applying this tag determines the behavior for the driver regarding Notes user account 
creation. Its value can be Yes or No. Yes indicates the driver will register this user in the Notes 
Address book by certifying the user (meaning creating an ID file for the user). 
Overrides the default Certify Users flag <cert-users> in the driver configuration. 


Parameter: Create Mail File Flag 
XML Tag: create-mail 
Valid Use: As an attribute to an <add> event element 
Description: This tag indicates whether the driver needs to create an e-mail account for this user. 
Its value can be Yes or No. Yes indicates the driver will attempt to create a Notes Mail database 
when adding (creating) this new user. Overrides the default Create Mail File flag <create-mail> in 
the driver configuration. 


Parameter: Database Inheritance for Mail File Template 
XML Tag: mail-file-inherit-flag 
Valid Use: As an attribute to an <add> event element 
Description: This tag specifies whether database structures based on a particular template are 
updated when that template is updated. Its value can be Yes or No. 
The default (the absence of this tag) is Yes, meaning True. 
You can override the default and set this tag to No or False if you don't want a change to a mail 
file template to affect existing database design. 


Parameter: Delete Windows Group 
XML Tag: delete-windows-group 
Valid Use: As an attribute to a <delete class="group"> event element. 
Description: Specifies whether synchronized Windows groups should be deleted from Windows or 
not. The value is True or False. Domino has its own capability of synchronizing users and groups 
with Windows systems. When the Notes Driver shim utilizes AdminP to delete a group, the request 
can also indicate that this deletion should be synchronized with Windows. By default this attribute 
is set to False. Example: delete-windows-group="True". Requires Notes 6.0.3 or later. 


Parameter: Delete Windows User 
XML Tag: delete-windows-user 
Valid Use: As an attribute to a <delete class="user"> event element. 
Description: Specifies whether synchronized Windows users should be deleted from Windows or 
not. The value is True or False. Domino has its own capability of synchronizing users and groups 
with Windows systems. When the Notes Driver shim utilizes AdminP to delete a user, the request 
can also indicate that this deletion should be synchronized with Windows. By default this attribute 
is set to False. Example: delete-windows-user="True". Requires Notes 6.0.3 or later. 


Parameter


XML Tag


Valid Use


Description


Deny Access Group ID


deny-access-group-id


As an attribute to a
<delete> event
element.


Specifies the Notes deny access group UNID for a 
delete event. When the Notes Driver shim utilizes 
AdminP to delete users from Notes, it has the 
capability to attach a deny access group name to that 
AdminP delete user request, so the deleted user’s 
name is inserted as a member of the specified deny 
access group. An alternate attribute is deny-access-group-name.
Example: deny-access-group-id="7EFB951A3574521F87256E540001F140".
Requires Notes 6.0.3 or later. 


Deny Access Group 
Name 


deny-access-group-name


As an attribute to a 
<delete> event 
element. 


Specifies the Notes deny access group name for a 
delete event. When the Notes Driver shim utilizes 
AdminP to delete users from Notes, it has the 
capability to attach a deny access group name to that 
AdminP delete user request, so the deleted user’s 
name is inserted as a member of the specified deny 
access group. An alternate attribute is deny-access-group-id.
Example: deny-access-group-name="Deny Access". Requires Notes 6.0.3 or later.


Domino Console 
Command 


tell-adminp-process


As an attribute to an 
<add>, <modify>, 
<move>, <delete> 
event element. 


Specifies the Domino console command to perform 
after an AdminP request has been performed by the 
Notes driver shim. For Domino console commands to 
succeed, the Notes Driver user must have 
appropriate Domino Console privileges granted. 
Example: tell-adminp-process="tell adminp process new".
Requires Notes 6.0.3 or later.


See the instructions in “Tell AdminP Commands” on 
page 63. 


Driver Parameter Old 
Certifier ID 


drv-param-old-cert-id


As an attribute to a 
<move> event 
element. 


Specifies the driver parameter holding the old
certifier ID file name required to move a user in Notes
from an old certifier to a new certifier. The value is the
driver parameter tag. An alternate to this attribute is
old-cert-id. This attribute should be used in
conjunction with certifier-name, old-cert-pwd or one
of its alternates, cert-id or its alternate, and cert-pwd
or one of its alternates. Example:
drv-param-old-cert-id="mktg-cert-id-file". Requires Notes 6.0.3 or later.


Driver Parameter Old 
Certifier Password 


drv-param-old-cert-pwd


As an attribute to a 
<move> event 
element. 


Specifies the driver parameter holding the password 
for the old certifier ID file required to move a user in 
Notes from an old certifier to a new certifier. The 
value is the driver parameter tag. An alternate to this 
attribute is named-old-cert-pwd or old-cert-pwd. This
attribute should be used in conjunction with
certifier-name, old-cert-id or one of its alternates, cert-id or
one of its alternates, and cert-pwd or one of its
alternates. Example:
drv-param-old-cert-pwd="mktg-cert-id-password". Requires Notes 6.0.3 or later.


Enforce Unique Short
Name


enforce-unique-short-name


As an attribute to an
<add> event element.


Specifies whether to enforce uniqueness of short 
names when registering a new user in Notes. The 
value is True or False. The default is False. If 
specified as True, and the Notes user registration 
process determines that the short name for the new 
user already exists, then the new user information is 
overlaid onto the existing Notes user of the same 
short name, thereby preventing the existence of a 
duplicate short name. Example:
enforce-unique-short-name="True". Requires Notes 6.0.3 or later.


Extended OU 


extended-ou 


As an attribute to an 
<add> event element 


The value of the tag is appended to the generated 
DN based on the selected certifier when registering a 
user. 


Group Membership 
Removal 


remove-all-group-membership


As an attribute to a 
<modify> or <delete> 
event element. 


This tag indicates that this user object should be 
removed from the membership list of all groups in the 
Notes database, except for groups of type "Deny 
List" (GroupType=3). Valid values are Yes and No. 
The absence of this tag defaults to No. This tag only
applies to person (user) objects in the Notes Address 
Book. 


ID File Name 


user-id-file 


As an attribute to an 
<add> event element 


This tag specifies the filename to be used for the 
user's ID file. The filename does not include the file 
path. When this tag is absent, a default filename is 
generated by the Notes driver using the first and last 
name attributes of the user (FirstNameLastName.id). 


ID File Path 


user-id-path 


As an attribute to an 
<add> event element 


This tag specifies the file path to the Notes User ID 
file storage location to be used when creating the 
user's ID file. The new ID file is placed in this 
location. The full path of the folder should be 
represented with respect to the operating system 
hosting Domino. Overrides the default Notes User ID 
certificate location parameter <cert-path> in the 
driver configuration. 


Immediate 


immediate 


As an attribute to a 
<delete> event 
element. 


Specifies whether a delete event performed by 
AdminP immediately deletes a user from the Notes 
Address Book (NAB), or waits until the AdminP 
request is processed at its scheduled interval. The 
specified value should be True or False. The default 
is False. Example: immediate="True". Requires
Notes 6.0.3 or later. 


InternetAddress 


InternetAddress 


As an <add-value> 
child element of an 
<add> event. 


This element specifies the user's Internet e-mail 
address in the Notes Address Book. 


Language of Alternate 
Full Name 


AltFullNameLanguage


As an <add-value> 
child element of an 
<add> event. 


This element specifies the language used for the 
Alternate Full Name when registering a new user. 
Like other user attributes, this can be synchronized 
using an attribute in eDirectory or inserted in a style 
sheet. See the Lotus Notes documentation for 
information on setting AltFullNameLanguage for a 
user. 


Mail File Size Quota 


mail-file-quota 


As an attribute to an 
<add> event element 


This tag specifies the value of the mail file quota (size 
in MegaBytes), that is applied to the e-mail database 
file when it is created. 


Mail File Size Quota 


mail-file-quota 


As an attribute to an 
<add> event element 


This tag specifies the value of the mail file quota (size 
in KB) that is applied to the e-mail database file when 
it is created. 


Mail Server


mail-server


As an attribute to an
<add> event element.


Specifies the mail server to be used to create a
mailfile for a new user. This attribute overrides the
value specified in the driver parameters. Example:
mail-server="CN=ms2/O=acme"


Mail System


mail-system


As an attribute to an
<add> event element.


Specifies the mail system type set for the new user
being created. Valid values are NOTES, POP,
INTERNET, OTHER, NONE. The default value is
NOTES. Requires Notes 6.0.3 or later.


MailDomain


MailDomain


As an <add-value>
child element of an
<add> event.


This element specifies the name of the Notes Mail
Domain when creating an e-mail database file.


MailFile


MailFile


As an <add-value>
child element of an
<add> event.


This element specifies the filename to be used when
creating the user's e-mail database file. The filename
does not include the file path. When this tag is
absent, a default filename is generated by the Notes
driver using the first and last name attributes of the
user (FirstNameLastName.nsf).


MailFile ACL control 


mailfile-acl-level 


As an attribute to an 
<add> event element 


The default ACL setting for the newly created mail file 
of newly created user objects. Valid values are: 
NOACCESS, DEPOSITOR, READER, AUTHOR, 
EDITOR, DESIGNER, and MANAGER. Values can 
be specified either as the Java ACL constant or the 
role name¹. This attribute should be added in the
same rule where the certification attributes are 
calculated and set and it should be added using the 
same XSL constructs. Overrides the default Mail File 
ACL Level parameter <mailfile-acl-level> in the driver 
configuration. 


Mailfile ACL Manager ID 


mail-acl-manager-id


As an attribute to an
<add> event element.


Specifies the UNID of a user to be given manager 
credentials on the ACL of the mailfile of the newly 
created user. An alternate is mail-acl-manager-name.
Example: mail-acl-manager-id="BB888BB0C35D13EC87256EA8006296CE"


Mailfile ACL Manager 
Name 


mail-acl-manager-name


As an attribute to an
<add> event element.


Specifies the name of a user to be given manager 
credentials on the ACL of the mailfile of the newly 
created user. An alternate is mail-acl-manager-id. 
Example: mail-acl-manager-name="CN=Notes Admin/O=acme".


Mailfile Action 


mail-file-action 


As an attribute to a 
<delete> event 
element. 


Specifies the AdminP action to perform on the 
mailbox of a deleted user. This action is included in 
an AdminP user delete request. Acceptable values 
are ALL, HOME, and NONE. The default value is 
NONE. ALL indicates to delete the mailbox on the 
home mail server and all mailbox replicas. HOME 
indicates to delete the mailbox on only the home mail 
server. All AdminP delete mailbox requests must be 
approved by a Domino Administrator before they are 
performed. Example: mail-file-action="ALL".
Requires Notes 6.0.3 or later. 


Mailfile Quota Warning 
Threshold 


mail-quota-warning-threshold


As an attribute to an
<add> event element.


Specifies the value of the mail file quota warning 
threshold (size in kilobytes), that is applied to the
e-mail database file when it is created. Example:
mail-quota-warning-threshold="120000"


Mailfile Subdirectory 


mail-file-subdir 


As an attribute to an
<add> event element.


Specifies the subdirectory below the Domino server's 
data directory where the mailfile of a new user should 
be created. Example: mail-file-subdir="mail-dbs"


MailFileTemplate 


mailfile-template 


As an attribute to an 
<add> event element 


This tag specifies the filename of the .ntf database 
template to use when creating the user's new mail file 
for an e-mail account. This template must be 
accessible to the Domino server in the Domino data 
folder. Overrides the default Mail File Template 
<mailfile-template> in the driver configuration. 


MailServer


MailServer


As an <add-value>
child element of an
<add> event.


This element specifies the name of the Notes Server
where the mail file should be created when creating
an e-mail account (mail database file).


Name Expiration Date


name-expire-date


As an attribute to a
<modify> event
element.


Specifies the specific date when an old user name 
will expire after a move user is performed by AdminP. 
This attribute only has effect when moving non- 
certified (web) users. This attribute can be applied to 
override the default expiration term of 21 days. The 
date format should be specified in text using the 
appropriate format of the locale of the Domino 
Server. For example, in English,
name-expire-date="1 July 2010". An alternate to this attribute is
name-expiration-days. Requires Notes 6.0.3 or later.


Name Expiration Days 


name-expiration-days


As an attribute to a 
<modify> event 
element. 


Specifies the specific number of days an old user 
name can be used before expiration after a move 
user is performed by AdminP. This attribute only has 
effect when moving non-certified (Web) users. This 
attribute can be applied to override the default 
expiration term of 21 days. An alternate to this 
attribute is name-expiration-date. Example:
name-expiration-days="14". Requires Notes 6.0.3 or later.


Named Old Certifier 
Password 


named-old-cert-pwd


As an attribute to a 
<move> event 
element. 


Specifies the named password for the old certifier ID 
file required to move a user in Notes from an old 
certifier to a new certifier. The value is the named 
password to be retrieved from the driver 
configuration. An alternate to this attribute is
drv-param-old-cert-pwd or old-cert-pwd. This attribute
should be used in conjunction with certifier-name,
old-cert-id or one of its alternates, cert-id or one of its
alternates, and cert-pwd or one of its alternates.
Example: named-old-cert-pwd="mktgNamedPwo".
Requires Notes 6.0.3 or later. 


No ID File 


no-id-file 


As an attribute to an
<add> event element.


Specifies whether the Notes registration process 
creates an ID file for the new user. The value is True 
or False. The default is False. Example:
no-id-file="True". Requires Notes 6.0.3 or later.


Notes Explicit Policy 
Name 


notes-policy-name 


As an attribute to an
<add> event element.


Specifies an explicit policy name to attach to a user 
when the user is registered. This attribute does not 
execute Notes registration policies, or any other 
policies at registration time. Requires Notes 6.0.3 or 
later. 


Notes HTTP Password 


HTTPPassword 


As an <add-value> 
child element of an 
<add> or <modify> 
event. 


This element specifies the user's Web (HTTP) 
password for Notes. This setting is ignored if the 
Allow HTTP Password Set parameter
<allow-http-password-set> is set to No (or False).


Notes Minimum 
Password Length 


minimum-pwd-len 


As an attribute to an 
<add> event element 


This tag specifies a minimum password length to 
apply to the User ID file of newly registered users. 
Value can be 0 - 16. Overrides the default Notes User 
ID minimum password length parameter
<minimum-pwd-len> in the driver configuration.


Notes Password


user-pwd


As an attribute to an 
<add> event element 


The user's Notes password used to create the user's 
ID file (certifier). Overrides the default Notes 
Password parameter <default-password> in the 
driver configuration. 


Notes Password 
Change Interval 


notes-password-change-interval


As an attribute to an 
<add>, or <modify> 
event element. 


Specifies a Notes user's password change interval. 
The value of this attribute is a number. The change 
interval specifies the number of days at which the 
user must supply a new password. The value 
defaults to zero. When this attribute is attached to a 
user add or modify event, an AdminP 'Set Password
Information' request is generated. Example:
notes-password-change-interval="120". Requires Notes
6.0.3 or later.


Notes Password Check 
Setting 


notes-password-check-setting


As an attribute to an 
<add>, or <modify> 
event element. 


Specifies a Notes user's password check setting. 
When this attribute is attached to a user add or 
modify event, an AdminP 'Set Password Information'
request is generated. Acceptable values are
PWD_CHK_CHECKPASSWORD,
PWD_CHK_DONTCHECKPASSWORD, and
PWD_CHK_LOCKOUT. Example:
notes-password-check-setting="PWD_CHK_CHECKPASSWORD". Requires Notes
6.0.3 or later.


Notes Password Force 
Change 


notes-password-force-change


As an attribute to an 
<add>, or <modify> 
event element. 


Specifies whether a Notes user is forced to change 
his or her password on next login. The value of this 
attribute is True or False. If set to True, the user is 
forced to change their password on next login. If set 
to False (default), the user is not forced to change the 
password on next login. When this attribute is 
attached to a user add or modify event, an AdminP 
'Set Password Information' request is generated.
Example: notes-password-force-change="True".
Requires Notes 6.0.3 or later. 


Notes Password Grace 
Period 


notes-password-grace-period


As an attribute to an 
<add>, or <modify> 
event element. 


Specifies a Notes user's password grace period. The
value of this attribute is a number. The grace period
specifies the number of days an old password is valid
after it has expired. The value defaults to zero. When
this attribute is attached to a user add or modify
event, an AdminP 'Set Password Information'
request is generated. Example:
notes-password-grace-period="10". Requires Notes 6.0.3 or later.


Old Certification ID


old-cert-id


As an attribute to a
<move> event
element.


Specifies the old certifier ID file required to move a 
user in Notes from an old certifier to a new certifier. 
The value is the full path and filename of the old 
certifier ID file. An alternate to this attribute is
drv-param-old-cert-id.


This attribute should be used in conjunction with 
certifier-name, old-cert-pwd or one of its alternates, 
cert-id or one of its alternates, and cert-pwd or one of 
its alternates. Example: 
old-cert-id="c:\lotus\domino\data\mktgcert.id".
Requires Notes 6.0.3 or later. 


Old Certification 
Password 


old-cert-pwd 


As an attribute to a 
<move> event 
element. 


Specifies the password for the old certifier ID file 
required to move a user in Notes from an old certifier 
to a new certifier. The value is the password string. 
An alternate to this attribute is drv-param-old-cert-pwd
or named-old-cert-pwd. This attribute should be
used in conjunction with certifier-name, old-cert-id or
one of its alternates, cert-id or one of its alternates,
and cert-pwd or one of its alternates. Example:
old-cert-pwd="mktg-password1". Requires Notes 6.0.3
or later.


Recertify User 


recertify-user 


As an attribute to a 
<modify> event 
element. 


Causes a recertify user request to be sent to AdminP.
The attribute value is specified as True or False. 
Proper certifier ID and password attributes (cert-id, 
cert-pwd, or equivalents) must be provided or the 
default certifier is applied to the AdminP 
recertification request. 


This attribute should be used in conjunction with
cert-id or its alternate, and cert-pwd or one of its
alternates. May be used in conjunction with
expire-term or cert-expire-date elements to specify the new
expiration term of the user's certifier. Example:
recertify-user="True". Requires Notes 6.0.3 or later.


Registered Users in 
Notes Address Book 


update-addressbook


As an attribute to an
<add> event element


This tag specifies if the driver puts registered user 
objects in the Notes Address Book. Setting the tag to 
Yes causes registered users to be placed in the 
address book. Setting the tag to No will cause users 
to be registered (that is, a certifier ID file is created for 
the user) without the user object being placed into the 
Notes Address Book. 


Overrides the default Update Address Book 
parameter <update-ab-flag> in the driver 
configuration. 


Roaming Cleanup 
Period 


roaming-cleanup-period


As an attribute to an
<add> event element.


Specifies the Notes client’s cleanup interval in days 
for a roaming user when the roaming user’s cleanup 
setting is set to "CLEANUP_EVERY_NDAYS". This
attribute should be used in conjunction with
roaming-user="True", and
roaming-cleanup-setting="EVERY_NDAYS". Example:
roaming-cleanup-period="90". Requires Notes 6.0.3 or later.


Roaming Cleanup
Setting


roaming-cleanup-setting


As an attribute to an
<add> event element.


Specifies the roaming user cleanup process for 
Notes client data. Valid values are AT_SHUTDOWN, 
EVERY_NDAYS, NEVER, and PROMPT. Default 
value is NEVER. This attribute should be used in 
conjunction with roaming-user="True". Example:
roaming-cleanup-setting="AT_SHUTDOWN".
Requires Notes 6.0.3 or later. 


Roaming Server 


roaming-server 


As an attribute to an
<add> event element.


Specifies the name of the Domino server to store the 
roaming user data. This attribute should be used in 
conjunction with roaming-user="True". Example:
roaming-server="CN=myserver2/O=acme".
Requires Notes 6.0.3 or later. 


Roaming Subdirectory 


roaming-subdir 


As an attribute to an
<add> event element.


Specifies the subdirectory below the Domino server's 
data directory where user roaming data is stored. 
The last character of the value should be a file path 
separator (/ or \). Example:
roaming-subdir="roamdata\". Requires Notes 6.0.3 or later.


Roaming User 


roaming-user 


As an attribute to an
<add> event element.


Specifies whether the Notes registration process 
creates this user with roaming capabilities. The value 
is True or False. The default is False. Example: 
roaming-user="True". Requires Notes 6.0.3 or later.


Store User ID File In 
Notes Address Book 


store-useridfile-in-ab


As an attribute to an 
<add> event element 


This tag specifies if the driver attaches the user ID file 
for this user onto its user object in the Notes Address 
Book at registration time. Setting the tag to Yes 
causes this registered user object in the Notes 
Address Book to be created with an attached user ID 
file. Setting the tag to No causes this registered user 
object in the Notes Address Book to be created 
without an attached user ID file. Overrides the default 
Store UserID in Address Book parameter
<store-id-ab-flag> in the driver configuration.


Synchronize Internet 
Password 


sync-internet-password


As an attribute to an
<add> event element.


Specifies whether a user’s Internet password 
(HTTPPassword) is synchronized to match the 
user’s Notes Client ID password, by means of the 
background processes of the Domino server. The 
value is True or False. The default is False. Example: 
sync-internet-password="True". Requires Notes
6.0.3 or later. 


User ID file certifier type 


cert-id-type 


As an attribute to an 
<add> event element 


This tag specifies the User ID file certifier type when 
user ID files are created at user registration time. 
Valid values are ID_FLAT, ID_HIERARCHICAL, and
ID_CERTIFIER. The absence of this tag sets the 
default certifier type of ID_HIERARCHICAL. 


User ID file Expiration 
Term 


expire-term 


As an attribute to an 
<add> event element 


This tag specifies the expiration term (specified in 
years) for the Notes User ID file of this user. 
Overrides the default Expiration Term parameter 
<expiration-term> in the driver configuration. 


1 ACL Description      Notes Java ACL Constant

NOACCESS               ACL.LEVEL_NOACCESS
DEPOSITOR              ACL.LEVEL_DEPOSITOR
READER                 ACL.LEVEL_READER
AUTHOR                 ACL.LEVEL_AUTHOR
EDITOR                 ACL.LEVEL_EDITOR
DESIGNER               ACL.LEVEL_DESIGNER
MANAGER                ACL.LEVEL_MANAGER
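
The placement and value rules in the table above can be checked mechanically on the events a policy emits before a change goes live. The lint below is an added example, not code from the driver or from Novell; it covers a subset of the listed attributes, runs on a constructed sample document, and assumes case-insensitive value matching. The alternate names for cert-id and cert-pwd (drv-param-cert-id, drv-param-cert-pwd, named-cert-pwd) are not listed in this part of the table and are assumed here from the old-cert-* naming pattern.

```python
import xml.etree.ElementTree as ET

TF = {"TRUE", "FALSE"}
ACL = {"NOACCESS", "DEPOSITOR", "READER", "AUTHOR", "EDITOR", "DESIGNER", "MANAGER"}
ANY = {"add", "modify", "move", "delete"}

# attribute -> (event elements it is valid on, allowed values or None for free text),
# transcribed from the table above; values are compared case-insensitively (assumption).
RULES = {
    "delete-windows-group": ({"delete"}, TF),
    "delete-windows-user": ({"delete"}, TF),
    "deny-access-group-id": ({"delete"}, None),
    "deny-access-group-name": ({"delete"}, None),
    "immediate": ({"delete"}, TF),
    "mail-file-action": ({"delete"}, {"ALL", "HOME", "NONE"}),
    "remove-all-group-membership": ({"modify", "delete"}, {"YES", "NO"}),
    "tell-adminp-process": (ANY, None),
    "enforce-unique-short-name": ({"add"}, TF),
    "mail-system": ({"add"}, {"NOTES", "POP", "INTERNET", "OTHER", "NONE"}),
    "mailfile-acl-level": ({"add"}, ACL | {"ACL.LEVEL_" + a for a in ACL}),
    "no-id-file": ({"add"}, TF),
    "roaming-user": ({"add"}, TF),
    "roaming-cleanup-setting": ({"add"}, {"AT_SHUTDOWN", "EVERY_NDAYS", "NEVER", "PROMPT"}),
    "sync-internet-password": ({"add"}, TF),
    "cert-id-type": ({"add"}, {"ID_FLAT", "ID_HIERARCHICAL", "ID_CERTIFIER"}),
    "user-pwd": ({"add"}, None),
    "notes-password-force-change": ({"add", "modify"}, TF),
    "notes-password-check-setting": ({"add", "modify"}, {
        "PWD_CHK_CHECKPASSWORD", "PWD_CHK_DONTCHECKPASSWORD", "PWD_CHK_LOCKOUT"}),
    "recertify-user": ({"modify"}, TF),
    "old-cert-id": ({"move"}, None),
    "drv-param-old-cert-id": ({"move"}, None),
    "old-cert-pwd": ({"move"}, None),
    "drv-param-old-cert-pwd": ({"move"}, None),
    "named-old-cert-pwd": ({"move"}, None),
}

# Attributes whose value is the password string itself. old-cert-pwd has the
# alternates named-old-cert-pwd and drv-param-old-cert-pwd; user-pwd has no
# alternate listed in the table and is flagged for review only.
CLEARTEXT = {"old-cert-pwd", "user-pwd"}

# A move that names an old certifier should carry one attribute from each group.
# The cert-id / cert-pwd alternate names are assumptions (see the lead-in).
MOVE_GROUPS = {
    "certifier-name": {"certifier-name"},
    "old certifier ID": {"old-cert-id", "drv-param-old-cert-id"},
    "old certifier password": {"old-cert-pwd", "drv-param-old-cert-pwd", "named-old-cert-pwd"},
    "certifier ID": {"cert-id", "drv-param-cert-id"},
    "certifier password": {"cert-pwd", "drv-param-cert-pwd", "named-cert-pwd"},
}
OLD_CERT = MOVE_GROUPS["old certifier ID"] | MOVE_GROUPS["old certifier password"]


def lint_events(xds_text):
    """Return (event, attribute-or-group, code) findings; secret values are never echoed."""
    findings = []
    for ev in ET.fromstring(xds_text).iter():
        if ev.tag not in ANY:
            continue
        for name, value in ev.attrib.items():
            if name in RULES:
                events, allowed = RULES[name]
                if ev.tag not in events:
                    findings.append((ev.tag, name, "wrong-event"))
                elif allowed is not None and value.strip().upper() not in allowed:
                    findings.append((ev.tag, name, "bad-value"))
            if name in CLEARTEXT:
                findings.append((ev.tag, name, "cleartext-secret"))
        # Companion check only applies when the move references an old certifier.
        if ev.tag == "move" and not OLD_CERT.isdisjoint(ev.attrib):
            for label, names in MOVE_GROUPS.items():
                if names.isdisjoint(ev.attrib):
                    findings.append((ev.tag, label, "missing-companion"))
    return findings


# Constructed sample: three events as a policy might hand them to the driver shim.
SAMPLE = r'''<nds dtdversion="2.0"><input>
  <delete class-name="User" immediate="True" mail-file-action="HOME"
          deny-access-group-name="Deny Access"/>
  <add class-name="User" mail-system="IMAP" mail-file-action="ALL"/>
  <move class-name="User" certifier-name="/mktg/acme"
        old-cert-id="c:\lotus\domino\data\mktgcert.id" old-cert-pwd="mktg-password1"/>
</input></nds>'''

if __name__ == "__main__":
    for event, item, code in lint_events(SAMPLE):
        print(f"<{event}> {item}: {code}")
```
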


Additional Sample Style Sheets 


Style sheets are XSLT documents that define transformations or modifications of XML 
documents. You can configure and create rules, policies, and style sheets using iManager. 


Identity Manager provides the following additional samples: 


NotesMoveSample.xml: This sample policy is a Publisher channel policy that contains logic 
to determine eDirectory™ object placement when an associated Notes object is moved. 


In the Import Drivers wizard, this policy is named Notes - Move Sample and is available under 
the Additional Policies heading. See “Determining eDirectory Object Placement When a 
Notes Object is Moved” on page 37. 


NotesReturnEmail.xml: This sample policy is a Command Transformation policy designed 
to generate an e-mail address for user Add events on the Subscriber channel. 


It is necessary only when upgrading the driver shim and configuration from 1.x to 2.x. (The 
policy is already a part of the sample configuration provided with the 2.1 version of the 
driver.) 


In the Import Drivers wizard, this policy is named Notes - Return Email Address and is 
available under the Additional Policies heading. See “Importing a Policy to Write Back the 
Notes E-mail Address for New Users” on page 33. 


Cert.xsl: An Output Transformation style sheet that contains logic to determine which Notes 
certifier to use based on the src-dn attribute on the <add> tag. 


See “Automatically Determining Which Certifier to Use” on page 39 for more information. 


Override.xsl. Shows an example of how to use attributes to override parameters. See the list 
in “Overriding Driver Parameters” on page 47. 


Placemove.xsl: An Input Transformation style sheet that contains logic to determine 
placement containment when synchronizing a move from Lotus Notes to eDirectory. 


See “Determining eDirectory Object Placement When a Notes Object is Moved” on page 37 
for more information. 


AddUniqueName.xsl. Simple example of how a unique name can be created for a Notes user. 


EntitlementGrpCmdCompletionSS.xsl. If you choose to use Role-Based Entitlements 
when importing the sample configuration, this style sheet is included. This is an example of 
how to process the payload of an <operation-data> element. 


NotesCertifierSelectionSampleSS.xsl. Based on Cert.xsl, this shows an enhanced sample of 
how to utilize multiple Notes certifiers. It demonstrates using named passwords in multiple 
ways. See “Automatically Determining Which Certifier to Use” on page 39 and “Using 
Named Passwords” on page 39. 


NOTE: Most of these are located in the product distribution in nt/dirxml/drivers/lotusNotes/rules. Some of them 
are used in the sample driver configuration. 


Synchronizing a Database Other Than Names.nsf


Although the driver is intended as a directory synchronization driver for the Notes directory, it is 
possible to configure the driver to use a Notes database other than names.nsf. In this case, you need 
to make sure that the Schema Mapping policy is appropriate for the schema in the target database. 


Schema Mapping Type and Form 


In a Notes names and address book, each document contains a Type field as well as a Form field. 
The Type field supports the LDAP Server on Notes by providing a class name. The Form field is 
a standard Notes document field that indicates which form should be used to display the document. 
The Form item is not required, and if it is not present, the Notes client uses a default form. 


Identity Manager does not provide the ability to map a single DS attribute to multiple target 
application attributes. This means that the Schema Mapping policy can’t be used to map the object 
class to Form and Type. To handle this, the Driver Configuration asks if the directory database is 
really a Notes directory. If it is, the class name on DSEntry (translated into the Notes namespace) 
is used as the value for Type. 


The object-class attribute on the DSAttribute object can be used to update the Form item if 
specified in the Schema Mapping policy. This provides a way to set both of those attributes, as well 
as providing mappings to allow the Type and Form values to differ. If the Schema Mapping policy 
contains a mapping between an eDirectory attribute and Form, it might be necessary to translate 
the content of the eDirectory attribute. This can be done by using an Output Transform policy. 
Conversely, an Input Transform policy is used to translate content from the Notes namespace to 
the eDirectory namespace. 


If the directory source is not a Notes Directory, no Type item is written by the driver. Instead, the 
Class Name attribute is written to the Form item. If a Form item appears in the filter, the driver and
ndsrep will ignore it. 


If the driver is configured against the Notes directory, the translated values for classname are 
written to a Type item in the Notes database, and Form can be included in the Schema Mapping 
policy. If the driver is configured against a Notes database other than the directory, the translated 
values for classname are written to a Form item in the Notes database, and Form might not be 
included in the Schema Mapping policy. 


Move/Rename 


Move and Rename events are not supported in the default configuration. However, you can
synchronize a Move or Rename event in Notes across the Publisher channel and into eDirectory if 
you modify the default Schema Map and the default Publisher Filter, and add a policy. 


In addition, you can synchronize a Move or Rename event on the Subscriber channel if you have 
Notes 6.0.3 or later, enable AdminP support, and add policies that provide the necessary attributes. 


In this section: 
+ “Subscriber Channel” on page 61
+ “Publisher Channel” on page 62
+ “Considerations for Using AdminP” on page 62


Subscriber Channel


In this section:
+ “Moving a User” on page 61
+ “Modifying a User Name in eDirectory (a Rename Event in Notes)” on page 61
+ “Renaming a Group” on page 62


Moving a User


1 Make sure you are using Notes 6.0.3 or later and have reviewed “Considerations for Using
AdminP” on page 62.


2 Make sure you have turned on support for the AdminP process, by adding the following
parameter to the Subscriber Options in the driver parameters:


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42.


3 Create driver policies that add the following attributes to the move event:
+ The certifier name of the destination certifier in Notes.
+ The certifier ID and a password for the destination certifier in Notes (the certifier that the
user is going to)
+ The old certifier ID and password for the source certifier in Notes (the certifier that the
user is coming from)


A sample of a command to the driver shim that moves a user is included in “Sample of Moving
a User” on page 72.


Modifying a User Name in eDirectory (a Rename Event in Notes) 


When a user’s given name, middle initial, or surname changes in eDirectory, this event can cause 
the Rename of an object in Lotus Notes. If you have Notes 6.0.3 or later with AdminP support 
enabled, you can perform the Rename in Notes. 


1 Make sure you are using Notes 6.0.3 or later and have reviewed “Considerations for Using
AdminP” on page 62.


2 Make sure you have turned on support for the AdminP process, by adding the following
parameter to the Subscriber Options in the driver parameters:


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42.


3 Create driver policies that provide the correct certifier and password for the Notes user that is
being renamed.


If a certifier and password are not specified in the event, the default certifier and password
specified in the driver parameters are used.


A sample of a command to the driver shim that renames a user is included in “Sample of
Renaming: Modifying a User Last Name” on page 71.


Renaming a Group


If you have Notes 6.0.3 or later with AdminP support enabled, you can rename groups. Rename 
events from eDirectory for groups do not require you to create any additional driver policies. 


Rename events from eDirectory can be applied only to group objects in Notes. (For users, the 
driver shim uses an appropriate modify event to rename a user in Notes, as described in 
“Modifying a User Name in eDirectory (a Rename Event in Notes)” on page 61.) 


1 Make sure you are using Notes 6.0.3 or later and have reviewed “Considerations for Using 
AdminP” on page 62. 


2 Make sure you have turned on support for the AdminP process, by adding the following 
parameter to the Subscriber Options in the driver parameters: 


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42. 


Publisher Channel 


To enable the one-way object move/rename synchronization: 
1 Modify the schema mapping to map eDirectory Full Name to Notes FullName. 
2 Enable the Full Name attribute in the Publisher filter. 
3 Make sure that the Full Name attribute in the Subscriber filter is not enabled. 
4 Make sure that the Public/Private AB setting is Yes in the driver configuration parameters. 


5 Use a policy in your driver configuration like the one described in “Determining eDirectory 
Object Placement When a Notes Object is Moved” on page 37. 


After these modifications have been made, ndsrep detects changes to FullName. Because 
FullName contains both name and location information in a single attribute, ndsrep cannot 
distinguish between a Move and a Rename. Therefore, a change to FullName initiates both a Move 
and a Rename event to be synchronized into eDirectory. 


Considerations for Using AdminP 


AdminP support provides several new features, but to use them effectively you must keep in mind 
the following: 


+ You need to have an understanding of AdminP and of Notes administration. 


+ A success message returned to the driver for an AdminP request means only that the request 
was successfully received by AdminP, not that it was completed successfully. 


+ AdminP requests made by the driver are not completed until AdminP attempts the action. The
timing depends on the configuration of the Administration Process by the Notes administrator,
the Domino server network, and the complexity of the action requested.


+ Some AdminP requests require manual approval by the Notes administrator before they are 
completed. 


+ AdminP requests typically include the FullName of the Notes user (or ListName for a group). 
The driver sends requests based on the FullName of the user at the time the request was 
initiated, but AdminP does not necessarily complete the request right away, and other requests 
that affect the FullName of the same user object might be waiting to be processed. If the 
FullName of the user is changed by a request, a subsequent request might fail because
AdminP can’t find the user. 


For example, consider this scenario: 


+ You send a request from the driver to change a user's first name in Notes, and you use the 
AdminP feature to also rename the user object (changing FullName). 


+ You immediately send a second request from the driver to change the same user's last 
name in Notes and also rename the user object (changing FullName). 


Both requests are received by AdminP. Both requests refer to the user with the same 
FullName. At midnight, AdminP begins processing the requests. The first one succeeds. 
However, the second one fails because the FullName was changed by the first request. 


To help you use AdminP effectively, the following features are provided: 


+ You can cause the driver to send commands directly to the Domino Console. For example, you 
can issue a command to process all AdminP requests immediately. See “Tell AdminP 
Commands” on page 63, and Domino Console Command in “Overriding Driver Parameters” 
on page 47. 


+ You can enable or disable AdminP support for an individual command. See Allow AdminP 
Support in “Overriding Driver Parameters” on page 47. 


Tell AdminP Commands 


When the driver issues a request to the Domino AdminP process, these requests are delayed until 
the AdminP process completes them. (Refer to Notes documentation for information about 
administration processing intervals.) 


If desired, you can attach a “tell-adminp-process” attribute to an event. If the event contains 
AdminP tasks that need to be performed, the command you specify is sent to the Domino server 
console. The attribute is described in Domino Console Command in “Overriding Driver 
Parameters” on page 47. 


For example, when sending a Move user event, you could include the following attribute on the 
move event: 


tell-adminp-process="tell adminp process new" 


This example command causes the driver to request the AdminP process to process all the new 
tasks, which would include the move that was requested in that event. 
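
The two-request scenario from “Considerations for Using AdminP”, carried through in a small Python model. This is an added illustration, not code from the driver or from Domino: `AdminPModel`, `run_scenario` and the first-name value are constructed for the example, and the model assumes a tell-adminp-process command finishes the first rename before the second request is initiated.

```python
def full_name(user):
    """Build a Notes-style FullName (same shape as dest-dn in the page's add sample)."""
    return f"cn={user['first']} {user['last']}/ou=sales/o=dirxml"


class AdminPModel:
    """Simplified stand-in for a Domino directory and its AdminP request queue."""

    def __init__(self, users):
        self.users = users   # association key -> {"first": ..., "last": ...}
        self.queue = []      # pending requests: (FullName at request time, changes)
        self.log = []        # (FullName the request referred to, outcome)

    def request_rename(self, association, **changes):
        """Driver side: queue a rename keyed by the FullName as it is right now."""
        target = full_name(self.users[association])
        self.queue.append((target, changes))
        return "success"     # means "received by AdminP", not "completed"

    def process(self):
        """AdminP side: runs at the scheduled interval or after a tell command."""
        while self.queue:
            target, changes = self.queue.pop(0)
            user = next((u for u in self.users.values()
                         if full_name(u) == target), None)
            if user is None:
                # The stored FullName no longer matches any user.
                self.log.append((target, "failed: user not found"))
            else:
                user.update(changes)
                self.log.append((target, "completed"))


def run_scenario(flush_between):
    """Send two renames for one user; optionally process the queue in between."""
    assoc = "BB888BB0C35D13EC87256EA8006296CE"   # association value used in the page's samples
    model = AdminPModel({assoc: {"first": "John", "last": "Doe"}})
    model.request_rename(assoc, first="Jon")     # first request (constructed value)
    if flush_between:
        model.process()  # modelled effect of tell-adminp-process on the first event
    model.request_rename(assoc, last="Doerr")    # second request
    model.process()      # the scheduled AdminP run ("at midnight")
    outcomes = [outcome for _, outcome in model.log]
    return outcomes, full_name(model.users[assoc])


if __name__ == "__main__":
    for flush in (False, True):
        print("processed between requests:", flush, "->", run_scenario(flush))
```

Both calls to `request_rename` return "success" in either run, which is why the driver's status alone cannot tell you that the second rename was lost.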


To use tell-adminp-process commands: 
1 Make sure you are using Notes 6.0.3 or later. 


2 Make sure you have turned on support for the AdminP process, by adding the following 
parameter to the Subscriber Options in the driver parameters: 


<allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>


See Allow Domino AdminP Support in “Subscriber Options” on page 42. 


3 Make sure the Notes user for the driver has rights to send commands to the Domino server 
console. 


4 Make sure that the event contains AdminP tasks. 




The tell-adminp-process command is sent only if AdminP tasks need to be performed as part 
of the event. 


Use the correct syntax. 


Samples of using tell-adminp-process commands are included in Appendix B, “Samples for 
New Features,” on page 69. 


To find out whether the AdminP request was completed successfully, use Lotus Notes tools 
such as the Domino Administrator. 


Completion of a command by the Notes driver shim involving an AdminP request does not 
mean that the command has been successfully completed. It means only that the request has 
been made to AdminP. 


For example, the driver might successfully make a request to AdminP to move a user. 
However, if incorrect certifiers were specified in the event, the move would fail when the 
AdminP process attempts it. 


Using the Movecfg.exe Utility


The movecfg.exe utility is a Windows console command line utility to be utilized when upgrading 
the DirXML® Driver for Lotus Notes 1.x to version 2.1. It is installed if you select the option to 
install utilities during Nsure™ Identity Manager installation. 


The movecfg.exe utility is used to move specific DirXML Driver for Lotus Notes 1.x parameters 
from the Windows registry to the DirXML Driver for Lotus Notes 2.x parameters location in 
eDirectory. 


If you have multiple instances of ndsrep, you must run movecfg.exe once for each one, using the 
-ndsrep parameter. 


With version 2.1 of the DirXML Driver for Lotus Notes, the ndsrep Domino add-in process reads
configuration parameters from a Lotus Notes database (dsrepcfg.nsf). Prior to version 2.0, these
parameters were stored in the Windows registry
(HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\VRD\DOMINO).


This utility attempts to move the necessary parameters from the Windows registry to the Lotus 
Notes Driver object (that is being upgraded) in eDirectory. It also attempts to place the 
LastEventTimeStamp for ndsrep that is stored in the registry into a Lotus Notes database 
(dsrepcfg.nsf). The LastEventTimeStamp is not stored as a driver parameter in eDirectory. For this 
reason it is placed directly into the ndsrep configuration database (dsrepcfg.nsf). 


You can use a batch file such as the example provided in “Example Batch File to Use” on page 66.


In this section:
+ “Prerequisites” on page 65
+ “Example Batch File to Use” on page 66
+ “Using the Movecfg.exe Utility” on page 67
+ “Troubleshooting” on page 68


NOTE: This utility is not localized for specific languages. All parameter descriptions that are imported into a 
specified driver are in English. 


Prerequisites 
+ DirXML utilities installed. The movecfg.exe utility is installed only if you select the Utilities 
option during DirXML install. 


+ Run movecfg.exe from the Domino Server machine. The movecfg.exe utility should be 
executed from the same Domino Server that launches ndsrep. 


+ Domino Server active. The Domino Server must be up and running. 


+ LDAP access to eDirectory. LDAP access is required to eDirectory. User name (in LDAP
form) and password must be passed as parameters to movecfg. If a password is not passed,
movecfg will prompt for it. The password is not encrypted, so clear text passwords must be
accepted by the LDAP server, or the LDAP server bind will fail.


+ Lotus Notes ID file password. When the movecfg utility attempts to create (or update) the
ndsrep configuration database (dsrepcfg.nsf), it prompts for the Lotus Notes password of the
Notes ID file that last accessed the Domino server (or possibly client) from this machine (this
Notes ID file is referenced from the notes.ini file). If this password is entered correctly, the
ndsrep configuration database (dsrepcfg.nsf) can then be appropriately updated with the
LastEventTimeStamp copied from the ndsrep configuration in the registry. For dsrepcfg.nsf
to be initially created by movecfg.exe, dsrepcfg.ntf (which is distributed with the DirXML
Driver 2.0 for Lotus Notes) must be available to the Domino Server (at
c:\Lotus\Domino\Data\dsrepcfg.ntf).


+ Multiple Lotus Notes driver instances. If you have more than one Lotus Notes driver
connected to the same Domino server, movecfg.exe must be run once for each instance of the
Lotus Notes driver that is being converted. To convert Lotus Notes Driver parameters which
are not the default driver parameters (but are the 2nd, 3rd, 4th, etc. Notes driver parameters),
the -ndsrep parameter must be utilized.


Example Batch File to Use 


You can run the movecfg.exe utility with a batch file like the following example: 


@echo off
REM ******************************************************************
REM
REM Name: MoveCfg1to2.bat
REM Description: Sample batch file to demonstrate the usage and launch parameters
REM              of movecfg.exe
REM              See movecfg.txt for descriptions of movecfg.exe usage parameters
REM
REM Copyright (C) 2003-2004 Novell, Inc., All Rights Reserved
REM
REM ******************************************************************
setlocal

REM echo on

REM SAMPLE CALL 1
call movecfg.exe -host server.acme.com -port 389 -edir-dn cn=admin,o=acme -edir-pwd acmePass -driverDN cn=NotesDriver,cn=DriverSet1,o=acme -noteSvr cn=Domino1/o=acme -timeout 15

REM SAMPLE CALL 2: When converting a second or third Notes driver on the same machine, use the -ndsrep parameter
REM call movecfg.exe -host server.acme.com -port 389 -edir-dn cn=admin,o=acme -edir-pwd acmePass -driverDN cn=Notes2Driver,cn=DriverSet1,o=acme -noteSvr cn=Domino1/o=acme -timeout 15 -ndsrep Notes2Driver


Using the Movecfg.exe Utility


movecfg -host <ldap host name/address> -port <port number> -edir-dn <login dn> -edir-pwd <password> -driverDN <driverDN> -noteSvr <Domino Server Name> [-ndsrep] <NDSREP instance name> [-timeout] <timeout> [-f] <ndsrep config db>


Example:


movecfg -host ldapsvr.mycompany.com -port 389 -edir-dn cn=admin,o=MyOrg -edir-pwd secret -driverDN cn=myDriver,cn=MyOrgUnit,O=MyOrg -noteSvr CN=MyDomino/O=MyOrg


| Parameter Name | Required or Optional | Description |
|---|---|---|
| -host <ldap host name/address> | Required | The DNS host name or the IP address of the LDAP host of the eDirectory Server. |
| -port <port number> | Optional | LDAP port of the LDAP host specified by the -host parameter. Default = 389 |
| -edir-dn <login dn> | Required | The fully qualified LDAP distinguished name of the eDirectory user that updates the driver configuration. It must be in LDAP form. Example: cn=DirXMLAdmin,cn=eng,o=acme |
| -edir-pwd <password> | Optional | The password matching the user object specified by the -edir-dn login object. If a password is not supplied, a password prompt is presented. |
| -driverDN <driverDN> | Required | The fully qualified LDAP distinguished name of the driver that needs its parameters updated. It must be in LDAP form. Example: cn=NotesDriver1,cn=DirXMLDriverSet,o=acme |
| -noteSvr <Domino Server Name> | Required | The Domino Server Name. Example cn=NoteSrv/o=acme |
| [-ndsrep] <NDSREP instance name> | Optional | The name of the Driver configuration instance to be stored in the ndsrep configuration database (dsrepcfg.nsf). By default this is set to the relative distinguished name of the Driver (such as NotesDriver1). |
| [-timeout] <timeout> | Optional | The timeout value when attempting to connect and communicate with the LDAP host. |
| [-f] <ndsrep config db> | Optional | The name of the ndsrep configuration database. Default = dsrepcfg.nsf |


Troubleshooting


If the movecfg utility is not successful in updating your outdated Lotus Notes Driver
configuration, try following the manual process outlined here.


1 Shut down the Domino Server where ndsrep is launched.
2 Shut down the DirXML Driver for Lotus Notes that is to be upgraded. 


3 Copy the following text from this document, and paste it into the <publisher-options> section 
of the Lotus Notes Driver configuration. 


<publisher-options> 


<polling-interval display-name="Polling Interval (in seconds) ">30</polling-interval> 
<loop-detect-flag display-name="Enable Loop Back Detection">Yes</loop-detect-flag> 
<schedule-units display-name="NDSREP Schedule Units">SECONDS</schedule-units> 
<schedule-value display-name="NDSREP Schedule Value">30</schedule-value> 

<dn-format display-name="DNFormat">SLASH</dn-format> 

<check-attrs-flag display-name="Check Attributes?">Yes</check-attrs-flag> 
<write-timestamps-flag display-name="Write Time Stamps?">No</write-timestamps-flag> 


</publisher-options> 


4 Use the regedit utility on Windows to view each ndsrep configuration value. The regedit key
values are under \HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\VRD\DOMINO.


Update the new Lotus Notes Driver publisher-options configuration values to match the 
corresponding values stored within the Windows registry. 


5 Start the Lotus Notes Driver and the Domino Server. 


Samples for New Features


The driver supports using AdminP processes such as Delete, Move, and Rename. These features
require you to use Notes 6.0.3 or later, turn on AdminP support for the driver (see Allow Domino
AdminP Support in “Subscriber Options” on page 42), and make changes to your driver policy.


The driver also supports sending commands to the Domino server console.


This section provides examples of the event produced by the DirXML® engine, and the command
that must be given to the driver shim. Policy samples are not provided, but the example shows how
the event must be transformed and shows attributes that need to be provided by policies.


Refer to “Move/Rename” on page 60 and “Tell AdminP Commands” on page 63 for more 
information. 


In this section: 
+ “Sample of Adding a User” on page 69 
+ “Sample of Renaming: Modifying a User Last Name” on page 71 
+ “Sample of Moving a User” on page 72 
+ “Sample of Deleting a User” on page 73 


+ “Sample of Sending a Command to the Domino Server Console” on page 74 


Sample of Adding a User 


This section shows a sample of the events when creating user John Doe in eDirectory™. 


In this section: 
+ “Add Event Produced by the DirXML Engine” on page 69 
+ “Add Event Received by the Notes Driver Shim” on page 70 


Add Event Produced by the DirXML Engine 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <add class-name="User"
         event-id="MYSERVER-NDS#20040603175534#1#1"
         qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doe"
         src-dn="\mytree\DirXML\Notes\Users\sales\John Doe"
         src-entry-id="38727">
      <association state="pending"></association>
      <add-attr attr-name="CN">
        <value naming="true" timestamp="1086285300#20" type="string">John Doe</value>
      </add-attr>
      <add-attr attr-name="Surname">
        <value timestamp="1086285300#3" type="string">Doe</value>
      </add-attr>
      <add-attr attr-name="Given Name">
        <value timestamp="1086285334#1" type="string">John</value>
      </add-attr>
    </add>
  </input>
</nds>


Add Event Received by the Notes Driver Shim 


The required attributes are shown in bold. The optional attributes are shown in italics. 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <add expire-term="5"
         certify-user="Yes"
         class-name="Person"
         create-mail="Yes"
         dest-dn="cn=John Doe/ou=sales/o=dirxml"
         drv-param-cert-id="sales-cert-id-file"
         drv-param-cert-pwd="sales-cert-id-password"
         enforce-unique-short-name="No"
         event-id="MYSERVER-NDS#20040603175534#1#1"
         internet-password-force-change="Yes"
         mail-acl-level="MANAGER"
         mail-acl-manager-name="CN=Notes Driver/O=dirxml"
         mail-file-quota="120000"
         mail-quota-warning-threshold="100000"
         notes-password-change-interval="100"
         notes-password-check-setting="PWD_CHK_CHECKPASSWORD"
         notes-password-grace-period="5"
         notes-policy-name="/EmployeePolicy"
         qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doe"
         roaming-cleanup-period="90"
         roaming-cleanup-setting="REG_ROAMING_CLEANUP_EVERY_NDAYS"
         roaming-server="cn=myserver/o=dirxml"
         roaming-subdir="Roaming\JohnDoe"
         roaming-user="Yes"
         src-dn="\mytree\DirXML\Notes\Users\sales\John Doe"
         src-entry-id="38727"
         sync-internet-password="Yes">
      <add-attr attr-name="FullName">
        <value naming="true" timestamp="1086285300#20" type="string">John Doe</value>
      </add-attr>
      <add-attr attr-name="LastName">
        <value timestamp="1086285300#3" type="string">Doe</value>
      </add-attr>
      <add-attr attr-name="FirstName">
        <value timestamp="1086285334#1" type="string">John</value>
      </add-attr>
      <add-attr attr-name="InternetAddress">
        <value>John Doe@dirxml.com</value>
      </add-attr>
    </add>
  </input>
</nds>


Sample of Renaming: Modifying a User Last Name 


This section shows a sample of the events when changing a last name from Doe to Doerr in
eDirectory. Refer to “Move/Rename” on page 60 for more information.


In this section: 
+ “Modify Event Produced by the DirXML Engine” on page 71 
+ “Modify Event Received by the Notes Driver Shim” on page 71 


Modify Event Produced by the DirXML Engine 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <modify class-name="User"
            event-id="MYSERVER-NDS#20040603175500#1#3"
            qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doe"
            src-dn="\mytree\DirXML\Notes\Users\sales\John Doe"
            src-entry-id="38727"
            timestamp="1086291578#2">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
      <modify-attr attr-name="Surname">
        <remove-value>
          <value timestamp="1086285300#3" type="string">Doe</value>
        </remove-value>
        <add-value>
          <value timestamp="1086291578#2" type="string">Doerr</value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>


Modify Event Received by the Notes Driver Shim 


The required attributes are shown in bold. The optional attributes are shown in italics. 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <modify class-name="Person"
            drv-param-cert-id="sales-cert-id-file"
            drv-param-cert-pwd="sales-cert-id-password"
            event-id="MYSERVER-NDS#20040603175500#1#3"
            qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doe"
            src-dn="\mytree\DirXML\Notes\Users\sales\John Doe"
            src-entry-id="38727"
            tell-adminp-process="tell adminp process all"
            timestamp="1086291578#2">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
      <modify-attr attr-name="LastName">
        <remove-value>
          <value timestamp="1086285300#3" type="string">Doe</value>
        </remove-value>
        <add-value>
          <value timestamp="1086291578#2" type="string">Doerr</value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>


Sample of Moving a User 


This section shows a sample of the events when moving John Doerr from the OU=sales to 
OU=mktg in eDirectory. Refer to “Move/Rename” on page 60 for more information. 


In this section: 
+ “Move Event Produced by the DirXML Engine” on page 72 
+ “Move Event Received by the Notes Driver Shim” on page 73 


Move Event Produced by the DirXML Engine 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <move class-name="User"
          event-id="MYSERVER-NDS#20040603175500#1#1"
          old-src-dn="\mytree\DirXML\Notes\Users\sales\John Doerr"
          qualified-old-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doerr"
          qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg\CN=John Doerr"
          src-dn="\mytree\DirXML\Notes\Users\mktg\John Doerr"
          src-entry-id="38727"
          timestamp="1086285300#1">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
      <parent qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg"
              src-dn="\mytree\DirXML\Notes\Users\mktg" src-entry-id="36691"/>
    </move>
  </input>
</nds>


Move Event Received by the Notes Driver Shim


The required attributes are shown in bold. The optional attributes are shown in italics.


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <move certifier-name="/mktg/dirxml"
          class-name="Person"
          drv-param-cert-id="mktg-cert-id-file"
          drv-param-cert-pwd="mktg-cert-id-password"
          drv-param-old-cert-id="sales-cert-id-file"
          drv-param-old-cert-pwd="sales-cert-id-password"
          event-id="MYSERVER-NDS#20040603175500#1#1"
          old-src-dn="\mytree\DirXML\Notes\Users\sales\John Doerr"
          qualified-old-src-dn="O=DirXML\OU=Notes\OU=Users\OU=sales\CN=John Doerr"
          qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg\CN=John Doerr"
          src-dn="\mytree\DirXML\Notes\Users\mktg\John Doerr"
          src-entry-id="38727"
          tell-adminp-process="tell adminp process all"
          timestamp="1086285300#1">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
      <parent qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg"
              src-dn="\mytree\DirXML\Notes\Users\mktg" src-entry-id="36691"/>
    </move>
  </input>
</nds>
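
A pre-flight check for the commands your policies hand to the driver shim, added here as an example and not part of the driver or of Identity Manager. It flags a move that lacks the certifier attributes listed in “Moving a User”, notes a rename that will fall back to the default certifier, and masks every `*-pwd` value before a command is written to a log. Treating the five move attributes as mandatory, the `lint_commands` and `redact` names, and the two sample documents (cut down from the page's samples) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Attribute names as they appear in the page's move and modify samples.
# Treating all five as needed for a move is this example's reading of the
# "Moving a User" steps (an assumption), not a list published by the driver.
MOVE_ATTRS = ("certifier-name", "drv-param-cert-id", "drv-param-cert-pwd",
              "drv-param-old-cert-id", "drv-param-old-cert-pwd")
CERT_ATTRS = ("drv-param-cert-id", "drv-param-cert-pwd")
# Notes name attributes seen in the page's samples; extend to match your schema map.
NAME_ATTRS = {"FirstName", "LastName"}
MASK = "********"


def lint_commands(xds_text):
    """Return (severity, event-id, message) tuples for commands under <input>."""
    findings = []
    root = ET.fromstring(xds_text)
    for cmd in root.iterfind("./input/*"):
        event_id = cmd.get("event-id", "?")
        if cmd.tag == "move":
            missing = [a for a in MOVE_ATTRS if not cmd.get(a)]
            if missing:
                findings.append(("error", event_id,
                                 "move lacks " + ", ".join(missing)))
        elif cmd.tag == "modify":
            changed = {m.get("attr-name") for m in cmd.iterfind("modify-attr")}
            if changed & NAME_ATTRS and not all(cmd.get(a) for a in CERT_ATTRS):
                findings.append(("warn", event_id,
                                 "rename without certifier ID/password: "
                                 "the driver's default certifier will be used"))
    return findings


def redact(xds_text):
    """Return the document with every *-pwd attribute value masked, for logging."""
    root = ET.fromstring(xds_text)
    for element in root.iter():
        for name in list(element.attrib):
            if name.endswith("-pwd"):
                element.set(name, MASK)
    return ET.tostring(root, encoding="unicode")


# Constructed sample: the page's move command with the old-certifier
# attributes left out, as an incomplete policy would produce it.
SAMPLE_MOVE = """<nds dtdversion="2.0" ndsversion="8.x">
  <input>
    <move certifier-name="/mktg/dirxml" class-name="Person"
          drv-param-cert-id="mktg-cert-id-file"
          drv-param-cert-pwd="mktg-cert-id-password"
          event-id="MYSERVER-NDS#20040603175500#1#1"
          tell-adminp-process="tell adminp process all">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
    </move>
  </input>
</nds>"""

# Constructed sample: the page's last-name change with no certifier attributes.
SAMPLE_RENAME = """<nds dtdversion="2.0" ndsversion="8.x">
  <input>
    <modify class-name="Person" event-id="MYSERVER-NDS#20040603175500#1#3">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
      <modify-attr attr-name="LastName">
        <remove-value><value type="string">Doe</value></remove-value>
        <add-value><value type="string">Doerr</value></add-value>
      </modify-attr>
    </modify>
  </input>
</nds>"""

if __name__ == "__main__":
    for sample in (SAMPLE_MOVE, SAMPLE_RENAME):
        for finding in lint_commands(sample):
            print(finding)
    print(redact(SAMPLE_MOVE))
```

Because the shim reports success as soon as AdminP accepts a request, catching a missing certifier here is earlier than finding the failed move later in the Domino Administrator.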


Sample of Deleting a User 


This section shows a sample of the events when deleting John Doerr from eDirectory. 


In this section: 
+ “Delete Event Produced by the DirXML Engine” on page 73 
+ “Delete Event Received by the Notes Driver Shim” on page 74 


Delete Event Produced by the DirXML Engine 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <delete class-name="User"
            event-id="MYSERVER-NDS#20040603195215#1#6"
            qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg\CN=John Doerr"
            src-dn="\mytree\DirXML\Notes\Users\mktg\John Doerr"
            src-entry-id="38727"
            timestamp="1086292335#6">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
    </delete>
  </input>
</nds>




Delete Event Received by the Notes Driver Shim 


The required attributes are shown in bold. The optional attributes are shown in italics. 


<nds dtdversion="2.0" ndsversion="8.x">
  <source>
    <product version="2.0.5.38">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <delete class-name="Person"
            delete-windows-user="false"
            deny-access-group-id="7EFB951A3574521F87256E540001F140"
            event-id="MYSERVER-NDS#20040603195215#1#6"
            immediate="true"
            mail-file-action="MAILFILE_DELETE_ALL"
            qualified-src-dn="O=DirXML\OU=Notes\OU=Users\OU=mktg\CN=John Doerr"
            src-dn="\mytree\DirXML\Notes\Users\mktg\John Doerr"
            src-entry-id="38727"
            tell-adminp-process="tell adminp process all"
            timestamp="1086292335#6">
      <association state="associated">BB888BB0C35D13EC87256EA8006296CE</association>
    </delete>
  </input>
</nds>


Sample of Sending a Command to the Domino Server Console 


This section shows an example of using the driver’s ability to send a command to the Domino 
server console and receive a response. 


In this section: 
+ “Domino Console Command as Received by the Driver Shim” on page 74 


+ “Command Response Returned by the Notes Driver Shim” on page 74 


Domino Console Command as Received by the Driver Shim 


<nds dtdversion="1.0" ndsversion="8.5" xmlns:notes="http://www.novell.com/dirxml/notesdriver"> 
<input> 
<notes:domino-console-command event-id="0">show server -xml</notes:domino-console-command> 
</input> 
</nds> 


Command Response Returned by the Notes Driver Shim 


Responses are truncated after 32000 characters. 


<nds dtdversion="2.0" ndsversion="8.x" xmlns:notes="http://www.novell.com/dirxml/notesdriver">
  <source>
    <product build="20040602_1644" instance="NotesDriver" version="2.1">DirXML Driver for Lotus Notes</product>
    <contact>Novell, Inc.</contact>
  </source>
  <output>
    <notes:domino-console-response event-id="0">
      <server platform="Windows/32" time="20040603T141140,48-06" version="Release 6.5">
        <name>myserver/dirxml</name>
        <title>MyServer Domino Server</title>
        <directory>C:\Lotus\Domino\Data</directory>
        <partition>C.Lotus.Domino.Data</partition>
        <uptime days="6" hours="1" minutes="52" seconds="38"/>
        <transactions hour="80" minute="2" peak="3614"/>
        <sessions peaknumber="5" peaktime="20040528T130914,23-06"/>
        <transactions count="35797" maxconcurrent="20"/>
        <threadpool threads="40"/>
        <availability index="100" state="AVAILABLE"/>
        <mailtracking enabled="0" state="Not Enabled"/>
        <mailjournalling enabled="0" state="Not Enabled"/>
        <sharedmail enabled="0" state="Not Enabled"/>
        <mailboxes number="1"/>
        <mail dead="0" pending="0"/>
        <tasks waiting="0"/>
        <transactionlogging enabled="0"/>
        <hosting enabled="0"/>
        <faultrecovery enabled="0" state="Not Enabled"/>
        <activitylogging enabled="0" state="Not Enabled"/>
        <controller enabled="0" state="Not Enabled"/>
        <diagnosticdirectory>C:\Lotus\Domino\Data\IBM_TECHNICAL_SUPPORT</diagnosticdirectory>
        <consolelogging enabled="0" state="Not Enabled"/>
        <consolelogfile>C:\Lotus\Domino\Data\IBM_TECHNICAL_SUPPORT\console.log</consolelogfile>
      </server>
    </notes:domino-console-response>
    <status event-id="0" level="success"/>
  </output>
</nds>


Updates


This section contains information about documentation content changes that have been made in 
this guide. 


The information is grouped according to the date the documentation updates were published. 


The documentation is provided on the Web in two formats: HTML and PDF. The HTML and PDF 
documentation are both kept up-to-date with the documentation changes listed in this section. 


If you need to know whether a copy of the PDF documentation you are using is the most recent, 
the PDF document contains the date it was published in the Legal Notices section immediately 
following the title page. 


The documentation was updated on the following dates: 
+ “March 18, 2004” on page 77 
+ “April 26, 2004” on page 78 
+ “August 3, 2004” on page 78 
+ “August 19, 2004” on page 78 


March 18, 2004 


+ The following item has been added to “Installing the Driver Shim” on page 18: 


Make sure that the Domino shared libraries directory (for example, C:\Lotus\Domino) is in 
the Windows system path. 


Without this directory in the Windows system path, the JVM might have difficulty locating 
the Domino shared libraries required by Notes.jar, such as nxlsbe.dll. 


+ The following has been added to Step 7 about the notes.ini file, in “Upgrading on Windows”
on page 31:


If the name of your driver includes spaces, then you must put quotes around the name. 


For example, if the driver name is CN=Notes Driver, your notes.ini might look like the 
following: 


ServerTasks=Router,Replica,Update,Amgr,AdminP,maps,ndsrep notesdrv1,ndsrep "Notes Driver"


+ References to Password Synchronization 2.0 have been changed to Nsure™ Identity Manager 
Password Synchronization, to indicate that the new Password Synchronization functionality 
is not a separate product, but is a feature of Identity Manager. 


+ References to DirXML 2.0 have been changed to Identity Manager 2. The engine and drivers 
are still referred to as the DirXML engine and DirXML drivers. 


April 26, 2004


August 3, 2004


+ In the New Features section, it is noted that the driver supports Password Synchronization for
set and modify for the Notes HTTP password. For the Notes ID file password, the password
can be set only when it is created.

+ Minor editorial changes were made.

+ More items added to “New Features” on page 9 for the 2.1 version of the driver.

+ More information added to Chapter 3, “Upgrading,” on page 31.

+ “Determining eDirectory Object Placement When a Notes Object is Moved” on page 37 has
been updated to reflect the new Move functionality available with Notes 6.0.3 or later and the
driver’s AdminP features.

+ A few new parameters have been added to “Using Driver Parameters” on page 40. Also, the
lists are now in alphabetical order.

+ Many new override parameters have been added to “Overriding Driver Parameters” on
page 47. Also, the list is now in alphabetical order.

+ Samples of using the driver’s new AdminP features have been added in Appendix B,
“Samples for New Features,” on page 69.

+ Improved the information about the scripts in “Installing on AIX, Linux, or Solaris” on
page 20.

+ Windows 2003 is now supported for both the DirXML engine and the DirXML Driver for
Lotus Notes, and the following sections have been updated to reflect that:
  + “Where to Install the Driver” on page 15
  + “Meeting Requirements for the Driver” on page 16

+ A section was added, “Considerations for Using AdminP” on page 62.

+ Some suggestions for troubleshooting were added to “Troubleshooting Installation” on
page 23.


August 19, 2004 

+ The installation for AIX, Linux, or Solaris was given its own section with new information
added: “Installing on AIX, Linux, or Solaris” on page 20. A few other minor changes were
made throughout the book to reflect use on those platforms.

+ A new section was added, “Upgrading Domino” on page 35.

+ Some suggestions for troubleshooting were added to “Troubleshooting Installation” on
page 23.